CVE-2009-20002

Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation requires the victim to open the file locally, though remote execution may be possible if the .pls extension is registered to the application and opened via a browser.

CVSS

No CVSS.

References

Link	Resource
https://ccm.net/downloads/sound/5995-millennium-mp3-studio/
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb
https://web.archive.org/web/20090731112010/http://www.milw0rm.com/exploits/9277
https://www.exploit-db.com/exploits/10240
https://www.exploit-db.com/exploits/9618
https://www.vulncheck.com/advisories/millenium-mp3-studio-pls-file-stack-based-buffer-overflow
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb
https://www.exploit-db.com/exploits/9618

Configurations

No configuration.

History

22 Aug 2025, 16:15

Type	Values Removed	Values Added
References	~~() https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb -~~	() https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb -
References	~~() https://www.exploit-db.com/exploits/9618 -~~	() https://www.exploit-db.com/exploits/9618 -
Summary		(es) Las versiones de Millenium MP3 Studio hasta la 2.0 incluida son vulnerables a un desbordamiento de búfer basado en pila al analizar archivos de listas de reproducción .pls. La aplicación no valida correctamente la longitud del campo File1 dentro de la lista de reproducción, lo que permite a un atacante manipular un archivo .pls malicioso que sobrescribe el Gestor de Excepciones Estructuradas (SEH) y ejecuta código arbitrario. Para explotar esta vulnerabilidad, la víctima debe abrir el archivo localmente, aunque la ejecución remota podría ser posible si la extensión .pls está registrada en la aplicación y se abre mediante un navegador.

21 Aug 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-21 21:15

Updated : 2025-08-22 18:08

NVD link : CVE-2009-20002

Mitre link : CVE-2009-20002

CVE.ORG link : CVE-2009-20002

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

JSON object

Attach tags to CVE-2009-20002

Attach tags to `CVE-2009-20002`