← voltar
CVE-2009-20002

Millenium MP3 Studio <= 2.0 .pls File Stack-Based Buffer Overflow

CVSS 8.4 HIGHEPSS 0.5%CWE-121
Vexday Risk Score
36Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 8.4EPSS 0.5%KEV nãoPoC Nuclei Metasploit simPatch
Ciclo de vida
30 jul 2009Exploit Metasploit disponível
21 ago 2025Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation requires the victim to open the file locally, though remote execution may be possible if the .pls extension is registered to the application and opened via a browser.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Millenium · MP3 Studio