CVE-1999-0946

Yamaha MidiPlug - Buffer Overflow via EMBED Tag Text Variable

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0946. PoCs published by UNYUN.

AI-analyzed exploit summary This exploit targets a buffer overflow in Yamaha MidiPLUG 1.10b-j for Windows 98 IE4.0/5.0 via a long 'Text' variable in an EMBED tag. It generates an HTML file with shellcode to execute arbitrary commands (e.g., 'WELCOME.EXE') when the page is visited.

Description

Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.

Exploits (1)

exploitdb WORKING POC VERIFIED
by UNYUN · clocalwindows
https://www.exploit-db.com/exploits/19585

This exploit targets a buffer overflow in Yamaha MidiPLUG 1.10b-j for Windows 98 IE4.0/5.0 via a long 'Text' variable in an EMBED tag. It generates an HTML file with shellcode to execute arbitrary commands (e.g., 'WELCOME.EXE') when the page is visited.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Yamaha MidiPLUG 1.10b-j for Windows 98 IE4.0/5.0
No auth needed
Prerequisites: Victim must visit a malicious webpage with the crafted EMBED tag · Yamaha MidiPLUG 1.10b-j must be installed on Windows 98 with IE4.0/5.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=94157187815629&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/760

Scores

EPSS 0.0175
EPSS Percentile 75.0%

Details

Status published
Products (1)
yamaha/midiplug 1.1bj
Published Nov 02, 1999
Tracked Since Feb 18, 2026