CVE-2012-10031 HIGH

CVE-2012-10031: BlazeVideo HDTV Player Pro 6.6.0.3 Filename Handling Buffer Overflow

Vendor Blazevideo Inc.
Product HDTV Player Pro
Weakness CWE-121
Published August 5, 2025
Last update April 7, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Active
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow caused by improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component calls PathFindFileNameA() to extract a filename from a URL-like string. The returned string is then copied into a fixed-size stack buffer by an inlined strcpy with no bounds check. If the input exceeds the buffer size, the copy overflows the stack buffer, which can lead to arbitrary code execution in the context of the user.
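The copy pattern described above next to a bounds-checked form, as an added example that is not the vendor's code. `NAME_BUF`, `find_file_name()` and `copy_entry_name()` are hypothetical names, the buffer size is assumed, `find_file_name()` is a simplified portable stand-in for PathFindFileNameA(), and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64 /* assumed size; the advisory does not give the real one */

/* Simplified, portable stand-in for PathFindFileNameA(): returns a pointer
 * to the text after the last '/' or '\\' that is followed by more text. */
static const char *find_file_name(const char *path)
{
    const char *name = path;
    for (const char *p = path; *p != '\0'; p++)
        if ((*p == '/' || *p == '\\') && p[1] != '\0')
            name = p + 1;
    return name;
}

/* Pattern from the advisory, for contrast only:
 *     char name[NAME_BUF];
 *     strcpy(name, find_file_name(entry));   // length never checked
 * Hardened form: measure first, reject oversize names instead of truncating.
 * Returns 0 on success, -1 if the entry is rejected. */
int copy_entry_name(const char *entry, char *out, size_t out_size)
{
    if (entry == NULL || out == NULL || out_size == 0)
        return -1;
    const char *name = find_file_name(entry);
    size_t len = strlen(name);
    if (len >= out_size) {      /* no room for name plus terminator */
        out[0] = '\0';
        return -1;
    }
    memcpy(out, name, len + 1); /* copies the terminator too */
    return 0;
}

int main(void)
{
    char name[NAME_BUF];
    char oversize[600];                       /* constructed sample input */
    memset(oversize, 'A', sizeof oversize - 1);
    oversize[sizeof oversize - 1] = '\0';
    memcpy(oversize, "http://x/", 9);

    int rc = copy_entry_name("http://media.example/clips/intro.avi", name, sizeof name);
    printf("%d %s\n", rc, name);
    printf("%d\n", copy_entry_name(oversize, name, sizeof name));
    return 0;
}
```

Rejecting the entry rather than truncating it keeps a playlist parser from silently opening a different file than the one named.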

Key dates

02 Disclosure timeline

August 5, 2025 CVE published
April 7, 2026 Record updated
