fkie_cve-2011-10023
Vulnerability from fkie_nvd
Published
2025-08-20 16:15
Modified
2025-08-22 18:09
Severity ?
8.4 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
MJM QuickPlayer (likely now referred to as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code. Exploitation is achieved via a crafted payload that bypasses DEP and ASLR protections using ROP techniques, and requires user interaction to open the file.
References
disclosure@vulncheck.comhttps://mjm-software.com
disclosure@vulncheck.comhttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb
disclosure@vulncheck.comhttps://web.archive.org/web/20111016194042/https://www.corelan.be/index.php/forum/security-advisories/corelan-11-003-mjm-quickplayer-2-3-2010-stack-buffer-overflow-s3m/
disclosure@vulncheck.comhttps://www.exploit-db.com/exploits/17229
disclosure@vulncheck.comhttps://www.vulncheck.com/advisories/mjm-quickplayer-s3m-stack-based-buffer-overflow
134c704f-9b21-4f2e-91b3-4a467353bcc0https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.exploit-db.com/exploits/17229
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MJM QuickPlayer (likely now referred to as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code. Exploitation is achieved via a crafted payload that bypasses DEP and ASLR protections using ROP techniques, and requires user interaction to open the file."
    },
    {
      "lang": "es",
      "value": "La versi\u00f3n 2010 de MJM QuickPlayer (probablemente ahora conocido como MJM Player) contiene una vulnerabilidad de desbordamiento de b\u00fafer basada en pila que se activa al abrir un archivo de m\u00fasica .s3m malicioso. La falla se produce debido a una comprobaci\u00f3n incorrecta de los l\u00edmites en el analizador de archivos, lo que permite a un atacante sobrescribir la memoria y ejecutar c\u00f3digo arbitrario. La explotaci\u00f3n se logra mediante un payload manipulado que elude las protecciones DEP y ASLR mediante t\u00e9cnicas ROP y requiere la interacci\u00f3n del usuario para abrir el archivo."
    }
  ],
  "id": "CVE-2011-10023",
  "lastModified": "2025-08-22T18:09:17.710",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "ACTIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-20T16:15:34.870",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://mjm-software.com"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://web.archive.org/web/20111016194042/https://www.corelan.be/index.php/forum/security-advisories/corelan-11-003-mjm-quickplayer-2-3-2010-stack-buffer-overflow-s3m/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.exploit-db.com/exploits/17229"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.vulncheck.com/advisories/mjm-quickplayer-s3m-stack-based-buffer-overflow"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.exploit-db.com/exploits/17229"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.