CVE-2009-0476

MultiMedia Soft AdjMmsEng.dll <7.11.2.7 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 10 public exploits for CVE-2009-0476. PoCs published by sanjeev gupta, Metasploit, Sébastien Duquette, including Metasploit module exploits/windows/fileformat/audio_wkstn_pls.

AI-analyzed exploit summary This exploit targets a SEH-based buffer overflow in MP3 Workstation 9.2.1.1.2 by crafting a malicious .pls file. It uses a NOP sled, SEH overwrite, and shellcode to achieve remote code execution.

Description

Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information.

Exploits (10)

exploitdb WORKING POC VERIFIED
by sanjeev gupta · perllocalwindows
https://www.exploit-db.com/exploits/15013

This exploit targets a SEH-based buffer overflow in MP3 Workstation 9.2.1.1.2 by crafting a malicious .pls file. It uses a NOP sled, SEH overwrite, and shellcode to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MP3 Workstation 9.2.1.1.2
No auth needed
Prerequisites: Vulnerable version of MP3 Workstation installed · Ability to deliver malicious .pls file to target
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16626

This Metasploit module exploits a stack-based buffer overflow in Audiotran 1.4.1 via a maliciously crafted PLS file. It generates a payload with SEH overwrite to achieve remote code execution when the victim opens the file.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Audiotran 1.4.1
No auth needed
Prerequisites: Victim must open the malicious PLS file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Sébastien Duquette · rubylocalwindows
https://www.exploit-db.com/exploits/11079

This exploit targets a stack overflow vulnerability in Audiotran 1.4.1 via a malformed .pls file. It leverages SEH overwrite and shellcode execution to achieve remote code execution on Windows XP SP2/SP3.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Audiotran 1.4.1
No auth needed
Prerequisites: Victim must open the malformed .pls file in Audiotran 1.4.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by germaya_x · perllocalwindows
https://www.exploit-db.com/exploits/10353

This exploit targets a local buffer overflow vulnerability in Audio Workstation 6.4.2.4.0 via a malformed .pls file, leveraging SEH overwrite to execute shellcode. The payload is crafted to trigger a reverse shell or arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Audio Workstation 6.4.2.4.0
No auth needed
Prerequisites: Victim must open the malformed .pls file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Houssamix · perllocalwindows
https://www.exploit-db.com/exploits/7973

This exploit targets a local buffer overflow in Euphonics Audio Player v1.0 via a maliciously crafted .pls file. It uses a universal return address and shellcode to execute arbitrary commands (e.g., calc.exe).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Euphonics Audio Player v1.0
No auth needed
Prerequisites: Victim must open the malicious .pls file with Euphonics Audio Player v1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Single Eye · clocalwindows
https://www.exploit-db.com/exploits/7974

This exploit generates a malicious .pls file containing a buffer overflow payload targeting a vulnerability in Winamp. The shellcode is designed to execute arbitrary code when the file is opened.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Winamp (likely versions prior to 5.55)
No auth needed
Prerequisites: Victim must open the malicious .pls file in Winamp
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by h4ck3r#47 · perllocalwindows
https://www.exploit-db.com/exploits/7958

This exploit targets a local buffer overflow in Euphonics Audio Player v1.0 via a malformed .pls file. It uses a JMP ESP address from kernel32.dll and executes a Metasploit-generated shellcode to spawn calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Euphonics Audio Player v1.0
No auth needed
Prerequisites: Victim must open the malicious .pls file with Euphonics Audio Player v1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by germaya_x, dookie · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/audio_wkstn_pls.rb

This Metasploit module exploits a buffer overflow in Audio Workstation 6.4.2.4.3 by crafting a malicious .pls file. It leverages SEH overwrites and alphanumeric shellcode to achieve remote code execution on Windows systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Audio Workstation 6.4.2.4.3
No auth needed
Prerequisites: Victim must open the malicious .pls file in Audio Workstation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by Philip OKeefe · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/audiotran_pls_1424.rb

This Metasploit module exploits a stack-based buffer overflow in Audiotran 1.4.2.4 via a maliciously crafted PLS file. It leverages SEH overwrite to achieve remote code execution when the victim opens the file.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Audiotran 1.4.2.4
No auth needed
Prerequisites: Victim must open the malicious PLS file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by Sebastien Duquette, dookie · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/audiotran_pls.rb

This Metasploit module exploits a stack-based buffer overflow in Audiotran 1.4.1 via a maliciously crafted PLS file. It leverages SEH overwrites to achieve remote code execution on Windows systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Audiotran 1.4.1
No auth needed
Prerequisites: Victim must open the malicious PLS file · Audiotran 1.4.1 installed on target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7958
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500652/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33817
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33791
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33589
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7973
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7974
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0316

Scores

EPSS 0.8326
EPSS Percentile 99.3%

Details

CWE
CWE-119
Status published
Products (5)
multimediasoft/audio_dj_studio_for_.net
multimediasoft/audio_sound_editer_for_.net
multimediasoft/audio_sound_recorder_for_.net
multimediasoft/audio_sound_studio_for_.net
multimediasoft/audio_sound_suite_for_.net
Published Feb 08, 2009
Tracked Since Feb 18, 2026