CVE-2007-6731

Extended Module Player < 2.5.1 - Remote Code Execution via OXM File Negative Value Bypass

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6731. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary: This exploit targets multiple buffer overflow vulnerabilities in Extended Module Player (xmp) by crafting malicious OXM or DTT files. It demonstrates arbitrary code execution via controlled buffer overflows in the application's file parsing logic.

Description

Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · cdoslinux
https://www.exploit-db.com/exploits/30942

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Extended Module Player <= 2.5.1
No auth needed
Prerequisites: Ability to deliver a malicious OXM or DTT file to the target system
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0009
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27047

Scores

EPSS 0.1407
EPSS Percentile 96.1%

Details

CWE: CWE-94
Status: published
Products (9)
claudio_matsuoka/extended_module_player 2.2.0
claudio_matsuoka/extended_module_player 2.2.1
claudio_matsuoka/extended_module_player 2.3.0
claudio_matsuoka/extended_module_player 2.3.1
claudio_matsuoka/extended_module_player 2.3.2
claudio_matsuoka/extended_module_player 2.4.0
claudio_matsuoka/extended_module_player 2.4.1
claudio_matsuoka/extended_module_player 2.5.0
claudio_matsuoka/extended_module_player < 2.5.1
Published Sep 13, 2009
Tracked Since Feb 18, 2026