CVE-2009-0182
CVE-2009-0182
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 48.4%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
20 Jan 2009Published on NVD
18 Aug 2009Metasploit module available
01 May 2021Public PoC
Weaponization speed
4484 daysto first PoC
209 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.
Affected products
n/a · n/apublic PoCs found — 4
githubgithub.com/nobodyatall648/CVE-2009-0182★ 0cve_referencepacketstormsecurity.com/files/165489/VUPlayer-2.49-Buffer-Overflow.htmlunverifiedcve_referencewww.exploit-db.com/exploits/7695unverifiedexploitdbwww.exploit-db.com/exploits/50650unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.