CVE-2011-10022
SPlayer 3.7 Content-Type Header Buffer Overflow
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
SPlayer versions 3.7 and earlier are vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. Exploitation requires the victim to open a media file that triggers an HTTP request to a malicious server, which responds with a crafted Content-Type header.
| CWE | CWE-120 |
| Vendor | splayer project |
| Product | splayer |
| Published | Aug 20, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
SPlayer Project / SPlayer
* ≤ 3.7 (Build 2055)
References
* raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/splayer_content_type.rb
* exploit-db.com: https://www.exploit-db.com/exploits/17243
* exploit-db.com: https://www.exploit-db.com/exploits/17268
* splayer.org: https://www.splayer.org/
* vulncheck.com: https://www.vulncheck.com/advisories/splayer-content-type-header-buffer-overflow
Credits
xsploitedsec