CVE-2010-10017
WM Downloader 3.1.2.2 Buffer Overflow via Malformed M3U File
Vexday Risk Score
36Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 8.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit simPatch —
Ciclo de vida
28 jul 2010Exploit Metasploit disponible
30 ago 2025Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records and execute arbitrary code. Exploitation occurs locally when a user opens the malicious file, and the payload executes with the privileges of the current user.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
WM Downloader · WM Downloader¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/wm_downloader_m3u.rbhttps://www.exploit-db.com/exploits/14497https://www.exploit-db.com/exploits/16642https://www.fortiguard.com/encyclopedia/ips/24038/wm-downloader-buffer-overflowhttps://www.vulncheck.com/advisories/wm-downloader-buffer-overflow-via-malformed-m3u-file