Stack-Based Buffer Overflow in Millennium MP3 Studio by Millenium Software
CVE-2009-20002

8.4HIGH

Key Information:

Vendor

Millenium

Status
Mp3 Studio
Vendor
CVE Published:
21 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-20002?

Millennium MP3 Studio versions up to and including 2.0 are susceptible to a stack-based buffer overflow due to improper validation of the File1 field in .pls playlist files. This vulnerability allows attackers to craft malicious .pls files capable of overwriting the Structured Exception Handler (SEH), potentially executing arbitrary code on the victim's machine. Although exploitation requires the victim to open the file locally, the risk of remote execution exists if the .pls extension is associated with the application and executed through a web browser.

Affected Version(s)

MP3 Studio * <= 2.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-20002 - Proof of Concept

CVE-2009-20002 - Proof of Concept

CVE-2009-20002 - Proof of Concept

References

https://raw.githubusercontent.com/rapid7/metasploit-frame...
exploit
https://www.exploit-db.com/exploits/9618
exploit
https://www.exploit-db.com/exploits/10240
exploit

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

hack4love
.
CVE-2009-20002 : Stack-Based Buffer Overflow in Millennium MP3 Studio by Millenium Software