CVE-2010-20111

Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vulnerability in its playlist file parser. When opening a .pls file containing an excessively long string in the File1 field, the application fails to properly validate input length, resulting in corruption of the Structured Exception Handler (SEH) on the stack. This flaw may allow an attacker to control execution flow when the file is opened, potentially leading to arbitrary code execution.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/digital_music_pad_pls.rb
https://web.archive.org/web/20100923154433/http://secunia.com:80/advisories/41519
https://www.exploit-db.com/exploits/15134
https://www.topshareware.com/Digital-Music-Pad-download-79446.htm
https://www.vulncheck.com/advisories/digital-music-pad-stack-buffer-overflow

Configurations

No configuration.

History

22 Aug 2025, 18:08

Type	Values Removed	Values Added
Summary		(es) Digital Music Pad v8.2.3.3.4 contiene una vulnerabilidad de desbordamiento de búfer en la pila en su analizador de archivos de lista de reproducción. Al abrir un archivo .pls que contiene una cadena excesivamente larga en el campo Archivo1, la aplicación no valida correctamente la longitud de entrada, lo que provoca la corrupción del Gestor de Excepciones Estructuradas (SEH) en la pila. Esta falla podría permitir que un atacante controle el flujo de ejecución al abrir el archivo, lo que podría provocar la ejecución de código arbitrario.

21 Aug 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-21 20:15

Updated : 2025-08-22 18:08

NVD link : CVE-2010-20111

Mitre link : CVE-2010-20111

CVE.ORG link : CVE-2010-20111

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2010-20111", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "disclosure@vulncheck.com"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-21T20:15:31.043", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/digital_music_pad_pls.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20100923154433/http://secunia.com:80/advisories/41519", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/15134", "source": "disclosure@vulncheck.com"}, {"url": "https://www.topshareware.com/Digital-Music-Pad-download-79446.htm", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/digital-music-pad-stack-buffer-overflow", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vulnerability in its playlist file parser. When opening a .pls file containing an excessively long string in the File1 field, the application fails to properly validate input length, resulting in corruption of the Structured Exception Handler (SEH) on the stack. This flaw may allow an attacker to control execution flow when the file is opened, potentially leading to arbitrary code execution."}, {"lang": "es", "value": "Digital Music Pad v8.2.3.3.4 contiene una vulnerabilidad de desbordamiento de b\u00fafer en la pila en su analizador de archivos de lista de reproducci\u00f3n. Al abrir un archivo .pls que contiene una cadena excesivamente larga en el campo Archivo1, la aplicaci\u00f3n no valida correctamente la longitud de entrada, lo que provoca la corrupci\u00f3n del Gestor de Excepciones Estructuradas (SEH) en la pila. Esta falla podr\u00eda permitir que un atacante controle el flujo de ejecuci\u00f3n al abrir el archivo, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "lastModified": "2025-08-22T18:08:51.663", "sourceIdentifier": "disclosure@vulncheck.com"}