{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T03:48:45.832","vulnerabilities":[{"cve":{"id":"CVE-2011-10023","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-08-20T16:15:34.870","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MJM QuickPlayer (likely now referred to as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code. Exploitation is achieved via a crafted payload that bypasses DEP and ASLR protections using ROP techniques, and requires user interaction to open the file."},{"lang":"es","value":"La versión 2010 de MJM QuickPlayer (probablemente ahora conocido como MJM Player) contiene una vulnerabilidad de desbordamiento de búfer basada en pila que se activa al abrir un archivo de música .s3m malicioso. La falla se produce debido a una comprobación incorrecta de los límites en el analizador de archivos, lo que permite a un atacante sobrescribir la memoria y ejecutar código arbitrario. La explotación se logra mediante un payload manipulado que elude las protecciones DEP y ASLR mediante técnicas ROP y requiere la interacción del usuario para abrir el archivo."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://mjm-software.com","source":"disclosure@vulncheck.com"},{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb","source":"disclosure@vulncheck.com"},{"url":"https://web.archive.org/web/20111016194042/https://www.corelan.be/index.php/forum/security-advisories/corelan-11-003-mjm-quickplayer-2-3-2010-stack-buffer-overflow-s3m/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/17229","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/mjm-quickplayer-s3m-stack-based-buffer-overflow","source":"disclosure@vulncheck.com"},{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.exploit-db.com/exploits/17229","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}