CVE-2011-10025

Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Common Weakness Enumeration
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb
https://sourceforge.net/projects/subtitleproc/
https://www.exploit-db.com/exploits/17217
https://www.exploit-db.com/exploits/17225
https://www.fortiguard.com/encyclopedia/ips/26849
https://www.vulncheck.com/advisories/subtitle-processor-m3u-seh-unicode-buffer-overflow