FKIE_CVE-2011-10015

Vulnerability from fkie_nvd - Published: 2025-08-13 21:15 - Updated: 2025-08-14 15:15
Severity ?
9.3 (Critical) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.
References
disclosure@vulncheck.comhttp://aluigi.altervista.org/adv/cytel_1-adv.txt
disclosure@vulncheck.comhttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb
disclosure@vulncheck.comhttps://web.archive.org/web/20110301000000*/http://www.cytel.com/Software/StatXact.aspx
disclosure@vulncheck.comhttps://web.archive.org/web/20110708215826/http://www.cytel.com/Software/LogXact.aspx
disclosure@vulncheck.comhttps://web.archive.org/web/20110708215830/http://www.cytel.com/Software/StatXact.aspx
disclosure@vulncheck.comhttps://www.exploit-db.com/exploits/17930
disclosure@vulncheck.comhttps://www.exploit-db.com/exploits/18027
disclosure@vulncheck.comhttps://www.vulncheck.com/advisories/cytel-studio-cy3-file-stack-buffer-overflow
134c704f-9b21-4f2e-91b3-4a467353bcc0https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.exploit-db.com/exploits/18027
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [
    {
      "sourceIdentifier": "disclosure@vulncheck.com",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened."
    },
    {
      "lang": "es",
      "value": "Cytel Studio versi\u00f3n 9.0 y anteriores son vulnerables a un desbordamiento de b\u00fafer basado en la pila, provocado al analizar un archivo .CY3 malformado. La vulnerabilidad ocurre cuando la aplicaci\u00f3n copia cadenas controladas por el usuario en un b\u00fafer de pila de tama\u00f1o fijo (256 bytes) sin la comprobaci\u00f3n de los l\u00edmites adecuada. Su explotaci\u00f3n permite la ejecuci\u00f3n de c\u00f3digo arbitrario al abrir el archivo manipulado."
    }
  ],
  "id": "CVE-2011-10015",
  "lastModified": "2025-08-14T15:15:30.383",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "ACTIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-13T21:15:28.910",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "url": "http://aluigi.altervista.org/adv/cytel_1-adv.txt"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://web.archive.org/web/20110301000000*/http://www.cytel.com/Software/StatXact.aspx"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://web.archive.org/web/20110708215826/http://www.cytel.com/Software/LogXact.aspx"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://web.archive.org/web/20110708215830/http://www.cytel.com/Software/StatXact.aspx"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.exploit-db.com/exploits/17930"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.exploit-db.com/exploits/18027"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.vulncheck.com/advisories/cytel-studio-cy3-file-stack-buffer-overflow"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.exploit-db.com/exploits/18027"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.