CVE-2012-10031
BlazeVideo HDTV Player Pro 6.6.0.3 Filename Handling Buffer Overflow
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, this leads to a stack overflow and potential arbitrary code execution under the context of the user.
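The unchecked copy described above, rewritten with an explicit length check, as an added example that is not BlazeVideo's code or part of the original advisory. `find_file_name` is a simplified portable stand-in for `PathFindFileNameA()`; `copy_entry_name` and the 260-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 260  /* assumed size; the advisory does not state the real one */

/* Simplified stand-in for PathFindFileNameA(): returns a pointer to the text
 * after the last '\\', '/' or ':' (the whole string if there is none). */
static const char *find_file_name(const char *path)
{
    const char *name = path;
    for (const char *p = path; *p != '\0'; p++) {
        if ((*p == '\\' || *p == '/' || *p == ':') && p[1] != '\0')
            name = p + 1;
    }
    return name;
}

/* Copy the file-name component of a playlist entry into dst.
 * Returns 0 on success, -1 if an argument is invalid or the name does not
 * fit. On failure dst holds an empty string; nothing is truncated silently. */
int copy_entry_name(char *dst, size_t dst_size, const char *entry)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (entry == NULL)
        return -1;

    const char *name = find_file_name(entry);
    size_t len = strlen(name);
    if (len >= dst_size)          /* the check the inline strcpy lacked */
        return -1;
    memcpy(dst, name, len + 1);   /* len + 1 copies the terminator too */
    return 0;
}

int main(void)
{
    char buf[NAME_BUF_SIZE];
    char oversized[1024];         /* constructed over-long entry */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("%d\n", copy_entry_name(buf, sizeof buf, "http://media.example/v/clip.mpg"));
    printf("%d\n", copy_entry_name(buf, sizeof buf, oversized));
    return 0;
}
```

Rejecting an over-long name, rather than truncating it, lets the parser skip the malformed playlist entry instead of acting on a partial file name.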
| CWE | CWE-121 |
| Vendor | blazevideo inc. |
| Product | hdtv player pro |
| Published | Aug 5, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
BlazeVideo Inc. / HDTV Player Pro
6.6.0.3
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/blazedvd_hdtv_bof.rb
exploit-db.com: https://www.exploit-db.com/exploits/22931
exploit-db.com: https://www.exploit-db.com/exploits/18693
exploit-db.com: https://www.exploit-db.com/exploits/23052
web.archive.org: https://web.archive.org/web/20100302202333/https://blazevideo.com/help_center/hdtv-help/Technical-Support.html
vulncheck.com: https://www.vulncheck.com/advisories/blazevideo-hdtv-player-pro-filename-handling-buffer-overflow
Credits
b33f