CRITICAL🇵🇱 Wersja polska

CVE-2010-10016

CVSS 10.0v4.0pub. 2025-08-30upd. 2026-04-15

BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Windows client.

🤖 AI Analysis
How it works

The application does not validate the length of entries when parsing .m3u playlist files, leading to a buffer overflow. An attacker embeds an exceptionally long URL in the .m3u file, whose processing by the Unicode parsing logic causes Structured Exception Handler (SEH) records to be overwritten. It is sufficient for the victim to open the crafted playlist file — no additional interaction or special privileges are required.

Impact

An attacker can execute arbitrary code (RCE) in the context of the BS.Player process on the victim's computer, which may lead to complete compromise of the Windows system running the vulnerable application.

Mitigation & patch

Apply patches available from the vendor according to the references. As a workaround, avoid opening .m3u files from untrusted sources. Consider replacing the vulnerable application with a newer version or an alternative media player.

Who is affected

BS.Player version 2.57 (build 1051) running on Windows systems — affects customers using the M3U playlist import functionality.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References