CVE-2009-1328

Mini-stream RM-MP3 Converter 3.0.0.7 - Stack-based Buffer Overflow via Long URI in Playlist File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 7 public exploits for CVE-2009-1328. PoCs published by Ptrace Security, Cyber-Zone, Stack.

AI-analyzed exploit summary This is a functional exploit for a local buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30, leveraging ROP chains to bypass ASLR and DEP, ultimately achieving arbitrary code execution.

Description

Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.

Exploits (7)

exploitdb WORKING POC VERIFIED
by Ptrace Security · pythonlocalwindows
https://www.exploit-db.com/exploits/20116

This is a functional exploit for a local buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30, leveraging ROP chains to bypass ASLR and DEP, ultimately achieving arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30
No auth needed
Prerequisites: Local access to the target system · Ability to deliver the malicious .m3u file
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Cyber-Zone · perldoswindows
https://www.exploit-db.com/exploits/8405

This Perl script generates a malicious .M3U file that triggers a local stack overflow in Mini-stream RM-MP3 Converter when parsed. The exploit uses a long HTTP URL string (26121 'A' characters) to overwrite the stack, leading to arbitrary code execution (EIP control).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Mini-stream RM-MP3 Converter (version unspecified)
No auth needed
Prerequisites: Victim must open the crafted .M3U file with Mini-stream RM-MP3 Converter
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Stack · perllocalwindows
https://www.exploit-db.com/exploits/8413

This Perl script exploits a stack overflow vulnerability in Mini-stream RM-MP3 Converter 3.0.0.7 by crafting a malicious .m3u file with an overly long HTTP URL, a return address, NOP sled, and shellcode to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mini-stream RM-MP3 Converter 3.0.0.7
No auth needed
Prerequisites: Victim must open the malicious .m3u file in the vulnerable software
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8403

This Perl script generates a malicious .M3U file that triggers a local stack overflow in WM Downloader when parsed. The exploit uses a long HTTP URL (26121 'A' characters) to overwrite the stack, leading to arbitrary code execution via EIP control.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WM Downloader (version unspecified)
No auth needed
Prerequisites: Victim must open the crafted .M3U file in WM Downloader
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8404

This Perl script generates a malicious .M3U file that triggers a local stack overflow in RM Downloader when parsed. The exploit uses a long HTTP URL (26109 'A' characters) to overwrite the stack, leading to arbitrary code execution (EIP control demonstrated with 0x41414141).

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: RM Downloader (version unspecified, likely <= 2009 release)
No auth needed
Prerequisites: Victim must open the crafted .M3U file with RM Downloader
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8402

This Perl script generates a malicious .M3U file that triggers a local stack overflow in Mini-stream Ripper when parsed. The exploit uses a long HTTP URL (26129 'A' characters) to overwrite the stack, leading to arbitrary code execution via EIP control.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Mini-stream Ripper (version unspecified)
No auth needed
Prerequisites: Victim must open the crafted .M3U file in Mini-stream Ripper
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8407

This Perl script generates a malicious .M3U file that triggers a local stack overflow in ASX to MP3 Converter when processed. The exploit uses a long HTTP URL string (26121 'A' characters) to overwrite the EIP register, demonstrating a classic buffer overflow vulnerability.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: ASX to MP3 Converter (version unspecified)
No auth needed
Prerequisites: Victim must open the crafted .M3U file with the vulnerable ASX to MP3 Converter software
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49841
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34494
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34653
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8405
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8413

Scores

EPSS 0.2775
EPSS Percentile 96.6%

Details

CWE
CWE-119
Status published
Products (1)
mini-stream/rm-mp3_converter 3.0.0.7
Published Apr 17, 2009
Tracked Since Feb 18, 2026