
Description

Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vulnerability in its playlist file parser. When opening a .pls file containing an excessively long string in the File1 field, the application fails to properly validate input length, resulting in corruption of the Structured Exception Handler (SEH) on the stack. This flaw may allow an attacker to control execution flow when the file is opened, potentially leading to arbitrary code execution.

PUBLISHED Reserved 2025-08-20 | Published 2025-08-21 | Updated 2025-08-22 | Assigner VulnCheck




HIGH: 8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status: unaffected

*: affected

Credits

Abhishek Lyall (finder)

References

web.archive.org/...33/http://secunia.com:80/advisories/41519 third-party-advisory

www.exploit-db.com/exploits/15134 exploit

raw.githubusercontent.com/...format/digital_music_pad_pls.rb exploit

www.topshareware.com/Digital-Music-Pad-download-79446.htm product

www.vulncheck.com/...digital-music-pad-stack-buffer-overflow third-party-advisory

cve.org (CVE-2010-20111)

nvd.nist.gov (CVE-2010-20111)
