CVE-2009-0182

This exploit targets a buffer overflow vulnerability in VUPlayer <= 2.49 via a maliciously crafted .PLS playlist file. It uses a universal JMP ESP address in BASS.DLL and executes a calc.exe payload via shellcode.

This exploit leverages a local buffer overflow in VUPlayer 2.49 via a maliciously crafted .wax playlist file to achieve arbitrary code execution, bypassing DEP using ROP chains targeting non-ASLR modules (BASS.dll, BASSMIDI.dll). The payload includes a calc.exe shellcode generated with msfvenom.

This repository contains functional exploit code for CVE-2009-0182, demonstrating a local buffer overflow in VUPlayer 2.49 via a crafted .wax playlist file. It includes two PoCs: one for standard exploitation and another with a ROP chain to bypass DEP.

This Metasploit module exploits a stack-based buffer overflow in VUPlayer <= 2.49 via a maliciously crafted CUE file. It leverages a hardcoded return address (0x1010539f) to execute arbitrary shellcode, achieving remote code execution.