CVE-2004-0964

Zinf <2.2.1 - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 7 public exploits for CVE-2004-0964. PoCs published by C4SS!0 & h1ch4m, Metasploit, His0k4, including Metasploit module exploits/windows/fileformat/zinfaudioplayer221_pls.

AI-analyzed exploit summary This exploit leverages a buffer overflow in Zinf Audio Player v2.2.1 via a maliciously crafted PLS file to bypass DEP using ROP chains and execute arbitrary shellcode (e.g., launching calc.exe).

Description

Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.

Exploits (7)

exploitdb WORKING POC VERIFIED
by C4SS!0 & h1ch4m · rubylocalwindows
https://www.exploit-db.com/exploits/17600

This exploit leverages a buffer overflow in Zinf Audio Player v2.2.1 via a maliciously crafted PLS file to bypass DEP using ROP chains and execute arbitrary shellcode (e.g., launching calc.exe).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Zinf Audio Player v2.2.1
No auth needed
Prerequisites: Victim must open the malicious PLS file with Zinf Audio Player v2.2.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16688

This exploit targets a stack-based buffer overflow in Zinf Audio Player 2.2.1 via a maliciously crafted PLS file. It leverages SEH overwrites to achieve remote code execution when the victim opens the file.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Zinf Audio Player 2.2.1
No auth needed
Prerequisites: Victim must open the malicious PLS file · Zinf Audio Player 2.2.1 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by His0k4 · pythonlocalwindows
https://www.exploit-db.com/exploits/8267

This exploit targets a buffer overflow vulnerability in Zinf Audio Player 2.2.1 via a maliciously crafted .pls file. It overwrites the SEH (Structured Exception Handler) to execute arbitrary shellcode, which in this case launches calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Zinf Audio Player 2.2.1
No auth needed
Prerequisites: Victim must open the malicious .pls file with Zinf Audio Player 2.2.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Houssamix · perllocalwindows
https://www.exploit-db.com/exploits/7888

This exploit targets a local buffer overflow in Zinf Audio Player 2.2.1 via a maliciously crafted PLS file. It uses a universal return address and AlphaNumeric shellcode to execute arbitrary commands (e.g., calc.exe).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Zinf Audio Player 2.2.1
No auth needed
Prerequisites: Victim must open the malicious PLS file with Zinf Audio Player 2.2.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Hakxer · perldoswindows
https://www.exploit-db.com/exploits/7887

This exploit demonstrates a buffer overflow vulnerability in Zinf Audio Player 2.2.1 by creating a malicious PLS file with a long string of NOP sleds. The PoC writes a 2000-byte payload to a file, which could trigger a crash or arbitrary code execution when opened by the vulnerable player.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Zinf Audio Player 2.2.1
No auth needed
Prerequisites: Victim must open the malicious PLS file in Zinf Audio Player 2.2.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Delikon · clocalwindows
https://www.exploit-db.com/exploits/559

This exploit generates a malicious .pls file that triggers a buffer overflow in Zinf 2.2.1 for Windows, leading to remote code execution via a crafted playlist file. The shellcode downloads and executes a payload from a specified URL.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Zinf 2.2.1 for Windows
No auth needed
Prerequisites: Victim must open the malicious .pls file in Zinf 2.2.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/zinfaudioplayer221_pls.rb

This Metasploit module exploits a stack-based buffer overflow in Zinf Audio Player 2.2.1 via a maliciously crafted PLS file. It leverages SEH overwrites to achieve remote code execution when the victim opens the file.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Zinf Audio Player 2.2.1
No auth needed
Prerequisites: Victim must open the malicious PLS file · Zinf Audio Player 2.2.1 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109608092609200&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109638486728548&w=2
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11248
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12656
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8341
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17491
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-587

Scores

EPSS 0.6268
EPSS Percentile 99.1%

Details

Status published
Products (2)
debian/debian_linux 3.0 (11 CPE variants)
zinf/zinf 2.2.1
Published Feb 09, 2005
Tracked Since Feb 18, 2026