Vulnerability Description
Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vulnerability in its playlist file parser. When opening a .pls file containing an excessively long string in the File1 field, the application fails to properly validate input length, resulting in corruption of the Structured Exception Handler (SEH) on the stack. This flaw may allow an attacker to control execution flow when the file is opened, potentially leading to arbitrary code execution.
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://web.archive.org/web/20100923154433/http://secunia.com:80/advisories/4151
- https://www.exploit-db.com/exploits/15134
- https://www.topshareware.com/Digital-Music-Pad-download-79446.htm
- https://www.vulncheck.com/advisories/digital-music-pad-stack-buffer-overflow
FAQ
What is CVE-2010-20111?
CVE-2010-20111 is a documented vulnerability. Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vulnerability in its playlist file parser. When opening a .pls file containing an excessively long string in the File1 field, the ap...
How severe is CVE-2010-20111?
CVSS scoring is not yet available for CVE-2010-20111. Check NVD for updates.
Is there a patch for CVE-2010-20111?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.