High severityNVD Advisory· Published Jul 31, 2025· Updated Apr 15, 2026

CVE-2011-10008

Description

A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack overflow when processed by the player, particularly via drag-and-drop interaction. This flaw allows for control of the execution flow through SEH overwrite and a DEP bypass using a ROP chain that leverages known gadgets in loaded DLLs. Successful exploitation may result in arbitrary code execution with the privileges of the current user.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mplayer_m3u_bof.rbnvd
www.exploit-db.com/exploits/17013nvd
www.vulncheck.com/advisories/mplayer-lite-r33064-m3u-stack-based-buffer-overflownvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.039
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000