CVE-2009-20002

Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation requires the victim to open the file locally, though remote execution may be possible if the .pls extension is registered to the application and opened via a browser.

CVSS

No CVSS.

References

Link	Resource
https://ccm.net/downloads/sound/5995-millennium-mp3-studio/
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb
https://web.archive.org/web/20090731112010/http://www.milw0rm.com/exploits/9277
https://www.exploit-db.com/exploits/10240
https://www.exploit-db.com/exploits/9618
https://www.vulncheck.com/advisories/millenium-mp3-studio-pls-file-stack-based-buffer-overflow
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb
https://www.exploit-db.com/exploits/9618

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-21 21:15

Updated : 2025-08-22 18:08

NVD link : CVE-2009-20002

Mitre link : CVE-2009-20002

CVE.ORG link : CVE-2009-20002

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2009-20002", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "disclosure@vulncheck.com"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-21T21:15:32.207", "references": [{"url": "https://ccm.net/downloads/sound/5995-millennium-mp3-studio/", "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20090731112010/http://www.milw0rm.com/exploits/9277", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/10240", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/9618", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/millenium-mp3-studio-pls-file-stack-based-buffer-overflow", "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.exploit-db.com/exploits/9618", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation requires the victim to open the file locally, though remote execution may be possible if the .pls extension is registered to the application and opened via a browser."}, {"lang": "es", "value": "Las versiones de Millenium MP3 Studio hasta la 2.0 incluida son vulnerables a un desbordamiento de b\u00fafer basado en pila al analizar archivos de listas de reproducci\u00f3n .pls. La aplicaci\u00f3n no valida correctamente la longitud del campo File1 dentro de la lista de reproducci\u00f3n, lo que permite a un atacante manipular un archivo .pls malicioso que sobrescribe el Gestor de Excepciones Estructuradas (SEH) y ejecuta c\u00f3digo arbitrario. Para explotar esta vulnerabilidad, la v\u00edctima debe abrir el archivo localmente, aunque la ejecuci\u00f3n remota podr\u00eda ser posible si la extensi\u00f3n .pls est\u00e1 registrada en la aplicaci\u00f3n y se abre mediante un navegador."}], "lastModified": "2025-08-22T18:08:51.663", "sourceIdentifier": "disclosure@vulncheck.com"}