CVE-2010-20111
8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vulnerability in its playlist file parser. When opening a .pls file containing an excessively long string in the File1 field, the application fails to properly validate input length, resulting in corruption of the Structured Exception Handler (SEH) on the stack. This flaw may allow an attacker to control execution flow when the file is opened, potentially leading to arbitrary code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Digital Music Pad | Digital Music Pad | 0 <= 8.2.3.3.4 | affected |
Weaknesses
- CWE-121: CWE-121 Stack-based Buffer Overflow
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://web.archive.org/web/20100923154433/http://secunia.com:80/advisories/41519
- https://www.exploit-db.com/exploits/15134
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/digital_music_pad_pls.rb
- https://www.topshareware.com/Digital-Music-Pad-download-79446.htm
- https://www.vulncheck.com/advisories/digital-music-pad-stack-buffer-overflow
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.