CVE-2010-10017 HIGH

CVE-2010-10017: WM Downloader 3.1.2.2 Buffer Overflow via Malformed M3U File

Vendor Wm Downloader
Product WM Downloader
Weakness CWE-120
Published August 30, 2025
Last update May 15, 2026

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records and execute arbitrary code. Exploitation occurs locally when a user opens the malicious file, and the payload executes with the privileges of the current user.

Key dates

02Disclosure timeline

August 30, 2025 CVE published
May 15, 2026 Record updated