CVE-2009-0476
CVE-2009-0476
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 37.0%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
08 Feb 2009Published on NVD
24 Sep 2009Public PoC
08 Dec 2009Metasploit module available
Weaponization speed
227 daysto first PoC
302 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information.
Affected products
n/a · n/apublic PoCs found — 7
exploitdbwww.exploit-db.com/exploits/16626unverifiedcve_referencewww.exploit-db.com/exploits/7974unverifiedcve_referencewww.exploit-db.com/exploits/7958unverifiedcve_referencewww.exploit-db.com/exploits/7973unverifiedexploitdbwww.exploit-db.com/exploits/15013unverifiedexploitdbwww.exploit-db.com/exploits/10353unverifiedexploitdbwww.exploit-db.com/exploits/11079unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://secunia.com/advisories/33791http://secunia.com/advisories/33817https://www.exploit-db.com/exploits/7958https://www.exploit-db.com/exploits/7973https://www.exploit-db.com/exploits/7974http://www.securityfocus.com/archive/1/500652/100/0/threadedhttp://www.securityfocus.com/bid/33589http://www.vupen.com/english/advisories/2009/0316