CVE Alert

CVE-2011-10015

UNKNOWN 0.0

Cytel Studio <= 9.0 .CY3 File Stack Buffer Overflow

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.

CWE: CWE-121
Vendor: cytel inc.
Product: studio
Published: Aug 13, 2025
Last Updated: Apr 7, 2026

Affected Versions

Cytel Inc. / Studio
* ≤ 9.0

References

* raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb
* exploit-db.com: https://www.exploit-db.com/exploits/17930
* exploit-db.com: https://www.exploit-db.com/exploits/18027
* aluigi.altervista.org: http://aluigi.altervista.org/adv/cytel_1-adv.txt
* web.archive.org: https://web.archive.org/web/20110708215826/http://www.cytel.com/Software/LogXact.aspx
* web.archive.org: https://web.archive.org/web/20110708215830/http://www.cytel.com/Software/StatXact.aspx
* web.archive.org: https://web.archive.org/web/20110301000000*/http://www.cytel.com/Software/StatXact.aspx
* vulncheck.com: https://www.vulncheck.com/advisories/cytel-studio-cy3-file-stack-buffer-overflow

Credits

Luigi Auriemma