CVE-2011-10025

Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb
https://sourceforge.net/projects/subtitleproc/
https://www.exploit-db.com/exploits/17217
https://www.exploit-db.com/exploits/17225
https://www.fortiguard.com/encyclopedia/ips/26849
https://www.vulncheck.com/advisories/subtitle-processor-m3u-seh-unicode-buffer-overflow

Configurations

No configuration.

History

22 Aug 2025, 18:09

Type	Values Removed	Values Added
Summary		(es) Subtitle Processor 7.7.1 presenta una vulnerabilidad de desbordamiento de búfer en su analizador de archivos .m3u. Al abrir un archivo de lista de reproducción manipulado, la aplicación convierte la entrada a Unicode y la copia a un búfer de pila de tamaño fijo sin la comprobación de los límites adecuada. Esto permite a un atacante sobrescribir el manejador de excepciones estructurado (SEH) y ejecutar código arbitrario.

20 Aug 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-20 16:15

Updated : 2025-08-22 18:09

NVD link : CVE-2011-10025

Mitre link : CVE-2011-10025

CVE.ORG link : CVE-2011-10025

JSON object : View

Products Affected

No product.

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2011-10025", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "disclosure@vulncheck.com"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-20T16:15:35.257", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://sourceforge.net/projects/subtitleproc/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/17217", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/17225", "source": "disclosure@vulncheck.com"}, {"url": "https://www.fortiguard.com/encyclopedia/ips/26849", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/subtitle-processor-m3u-seh-unicode-buffer-overflow", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code."}, {"lang": "es", "value": "Subtitle Processor 7.7.1 presenta una vulnerabilidad de desbordamiento de b\u00fafer en su analizador de archivos .m3u. Al abrir un archivo de lista de reproducci\u00f3n manipulado, la aplicaci\u00f3n convierte la entrada a Unicode y la copia a un b\u00fafer de pila de tama\u00f1o fijo sin la comprobaci\u00f3n de los l\u00edmites adecuada. Esto permite a un atacante sobrescribir el manejador de excepciones estructurado (SEH) y ejecutar c\u00f3digo arbitrario."}], "lastModified": "2025-08-22T18:09:17.710", "sourceIdentifier": "disclosure@vulncheck.com"}