What is the CVSS score of CVE-2020-37050?

CVE-2020-37050 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Is there a public PoC exploit available for CVE-2020-37050?

Yes, a public proof-of-concept exploit is available for CVE-2020-37050. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2020-37050?

Within 24 hours: Identify all Quick Player 1.3 installations across the organization and isolate affected systems from network access if possible. Within 7 days: Implement application whitelisting or disable Quick Player functionality; block .m3l file execution at email gateways and endpoints; restrict user permissions on affected systems. Within 30 days: Evaluate alternative media players; coordinate upgrade planning with Quick Player vendor or migrate to patched/alternative solutions; conduct forensic audit of affected systems for breach indicators.

CVE-2020-37050

CRITICAL

Classic Buffer Overflow (CWE-120)

2026-01-30 disclosure@vulncheck.com

RCE Buffer Overflow

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

PoC Detected

Feb 03, 2026 - 16:44 vuln.today

Public exploit code

CVE Published

Jan 30, 2026 - 23:16 nvd

CRITICAL 9.8

DescriptionCVE.org

Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file through the application's file loading mechanism, potentially enabling remote code execution.

AnalysisAI

Buffer overflow in Quick Player 1.3 via crafted .m3l playlist file allows arbitrary code execution. PoC available.

Technical ContextAI

CWE-120 in .m3l file parsing.

Affected ProductsAI

Quick Player 1.3

RemediationAI

Replace with a maintained media player.

CVE-2020-37050 vulnerability details – vuln.today

Back

CVE-2020-37050

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code