SPlayer Buffer Overflow Vulnerability in HTTP Content-Type Header Processing

A stack-based buffer overflow vulnerability has been identified in SPlayer versions through 3.7 (build 2055). This issue arises when the player processes HTTP responses with excessively long Content-Type headers. The vulnerability is caused by inadequate bounds checking on the header values, which allows an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. Exploitation requires the user to open a media file that triggers an HTTP request to a malicious server, which then responds with a crafted Content-Type header.

Impact

Exploitation of this vulnerability leads to arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by opening a playlist file (such as M3U or PLS) that contains a URL pointing to a server that will respond with a long Content-Type header. Alternatively, the Metasploit module for this vulnerability can be used, which automates the process of sending the malicious Content-Type header after the victim opens a media file that triggers the HTTP request.