CVE-2010-20111
Digital Music Pad <= 8.2.3.3.4 Stack Buffer Overflow
Vexday Risk Score
36Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 8.4EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit simPatch —
Ciclo de vida
17 set 2010Exploit Metasploit disponível
21 ago 2025Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vulnerability in its playlist file parser. When opening a .pls file containing an excessively long string in the File1 field, the application fails to properly validate input length, resulting in corruption of the Structured Exception Handler (SEH) on the stack. This flaw may allow an attacker to control execution flow when the file is opened, potentially leading to arbitrary code execution.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Digital Music Pad · Digital Music PadReferências
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/digital_music_pad_pls.rbhttps://web.archive.org/web/20100923154433/http://secunia.com:80/advisories/41519https://www.exploit-db.com/exploits/15134https://www.topshareware.com/Digital-Music-Pad-download-79446.htmhttps://www.vulncheck.com/advisories/digital-music-pad-stack-buffer-overflow