CVE-2011-10021

Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow due to improper handling of .mmm arrangement files. The vulnerability arises from an unsafe strcpy() operation that fails to validate input length, allowing attackers to overwrite the Structured Exception Handler (SEH). By crafting a malicious .mmm file, an attacker can trigger the overflow when the file is opened, potentially leading to arbitrary code execution. This vulnerability was remediated in version 17.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/magix_musikmaker_16_mmm.rb
https://web.archive.org/web/20110503060356/https://www.corelan.be/index.php/forum/security-advisories/corelan-11-002-magix-music-maker-16-stack-buffer-overflow/
https://www.darkreading.com/vulnerabilities-threats/another-researcher-hit-with-threat-of-german-anti-hacking-law
https://www.exploit-db.com/exploits/17313
https://www.exploit-db.com/exploits/17329
https://www.magix.com/us/music-editing/music-maker/
https://www.vulncheck.com/advisories/magix-musik-maker-stack-based-buffer-overflow

Configurations

No configuration.

History

20 Aug 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-20 16:15

Updated : 2025-08-20 16:15

NVD link : CVE-2011-10021

Mitre link : CVE-2011-10021

CVE.ORG link : CVE-2011-10021

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2011-10021", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-20T16:15:34.510", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/magix_musikmaker_16_mmm.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20110503060356/https://www.corelan.be/index.php/forum/security-advisories/corelan-11-002-magix-music-maker-16-stack-buffer-overflow/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.darkreading.com/vulnerabilities-threats/another-researcher-hit-with-threat-of-german-anti-hacking-law", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/17313", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/17329", "source": "disclosure@vulncheck.com"}, {"url": "https://www.magix.com/us/music-editing/music-maker/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/magix-musik-maker-stack-based-buffer-overflow", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow due to improper handling of .mmm arrangement files. The vulnerability arises from an unsafe strcpy() operation that fails to validate input length, allowing attackers to overwrite the Structured Exception Handler (SEH). By crafting a malicious .mmm file, an attacker can trigger the overflow when the file is opened, potentially leading to arbitrary code execution. This vulnerability was remediated in version 17."}], "lastModified": "2025-08-20T16:15:34.510", "sourceIdentifier": "disclosure@vulncheck.com"}