logo_clicknbuy.png

CVE-2009-20002 – Millenium MP3 Studio Stack-Based Buffer Overflow

The following table lists the changes that have been made to the
CVE-2009-20002 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Aug. 21, 2025

    Action Type Old Value New Value
    Added Tag unsupported-when-assigned
    Added Description Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation requires the victim to open the file locally, though remote execution may be possible if the .pls extension is registered to the application and opened via a browser.
    Added CVSS V4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-121
    Added Reference https://ccm.net/downloads/sound/5995-millennium-mp3-studio/
    Added Reference https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb
    Added Reference https://web.archive.org/web/20090731112010/http://www.milw0rm.com/exploits/9277
    Added Reference https://www.exploit-db.com/exploits/10240
    Added Reference https://www.exploit-db.com/exploits/9618
    Added Reference https://www.vulncheck.com/advisories/millenium-mp3-studio-pls-file-stack-based-buffer-overflow
Share the Post:

Related Posts