CVE-2009-1325

Mini-stream Ripper 3.0.1.1 - Stack-based Buffer Overflow via Long URI in Playlist File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 7 public exploits for CVE-2009-1325. PoCs published by blake, Cyber-Zone, Stack.

AI-analyzed exploit summary This exploit bypasses DEP (Data Execution Prevention) in Mini-Stream 2.9.7 by leveraging a buffer overflow vulnerability. It uses ROP (Return-Oriented Programming) to disable DEP and execute shellcode that spawns calc.exe.

Description

Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.

Exploits (7)

exploitdb WORKING POC VERIFIED
by blake · pythonlocalwindows
https://www.exploit-db.com/exploits/17847

This exploit bypasses DEP (Data Execution Prevention) in Mini-Stream 2.9.7 by leveraging a buffer overflow vulnerability. It uses ROP (Return-Oriented Programming) to disable DEP and execute shellcode that spawns calc.exe.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mini-Stream 2.9.7
No auth needed
Prerequisites: Windows XP SP3 environment · Mini-Stream 2.9.7 installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Cyber-Zone · perldoswindows
https://www.exploit-db.com/exploits/8402

This Perl script generates a malicious .M3U file that triggers a local stack overflow in Mini-stream Ripper when opened. The exploit uses a long HTTP URL (26129 'A' characters) to overwrite the stack, leading to arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Mini-stream Ripper (version unspecified)
No auth needed
Prerequisites: Victim must open the malicious .M3U file in Mini-stream Ripper
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Stack · perllocalwindows
https://www.exploit-db.com/exploits/8416

This Perl script exploits a stack overflow vulnerability in Mini-stream Ripper 3.0.1.1 by crafting a malicious .m3u file with an overly long HTTP URL and embedded shellcode. The exploit targets a universal return address and includes NOP sleds to ensure reliable execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mini-stream Ripper 3.0.1.1
No auth needed
Prerequisites: Victim must open the malicious .m3u file in Mini-stream Ripper
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8403

This Perl script generates a malicious .M3U file that triggers a local stack overflow in WM Downloader when parsed, leading to arbitrary code execution via a crafted HTTP URL with an overly long 'A' sequence (26121 bytes). The exploit leverages a buffer overflow vulnerability in the application's handling of M3U playlist files.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WM Downloader (version unspecified)
No auth needed
Prerequisites: Victim must open the malicious .M3U file in WM Downloader
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8404

This Perl script generates a malicious .M3U file that triggers a local stack overflow in RM Downloader when parsed. The exploit uses a long HTTP URL (26109 'A' characters) to overwrite the return address (EIP 0x41414141), demonstrating arbitrary code execution potential.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: RM Downloader (version unspecified)
No auth needed
Prerequisites: Victim must open the crafted .M3U file with RM Downloader
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8405

This Perl script generates a malicious .M3U file that triggers a local stack overflow in Mini-stream RM-MP3 Converter when parsed. The exploit uses a long HTTP URL string to overwrite the stack and control EIP, demonstrating a classic buffer overflow vulnerability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Mini-stream RM-MP3 Converter
No auth needed
Prerequisites: Victim must open the malicious .M3U file with the vulnerable software
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8407

This Perl script generates a malicious .M3U file that triggers a local stack overflow in ASX to MP3 Converter when processed. The exploit uses a long HTTP URL string (26121 'A' characters) to overwrite the stack and control EIP, as demonstrated in the provided OllyDbg registers.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: ASX to MP3 Converter (version unspecified)
No auth needed
Prerequisites: Victim must open the crafted .M3U file with ASX to MP3 Converter
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8416
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34692
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8402
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34494
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49844

Scores

EPSS 0.2775
EPSS Percentile 96.6%

Details

CWE
CWE-119
Status published
Products (1)
mini-stream/ripper 3.0.1.1
Published Apr 17, 2009
Tracked Since Feb 18, 2026