CVE-2009-1329

Mini-stream Shadow Stream Recorder 3.0.1.7 - Remote Code Execution via Long URI in Playlist File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 7 public exploits for CVE-2009-1329. PoCs published by AlpHaNiX, Cyber-Zone.

AI-analyzed exploit summary This Perl script exploits a local stack overflow vulnerability in Shadow Stream Recorder via a maliciously crafted .m3u file. It includes multiple payloads (bind shell, command execution, and user addition) encoded with Metasploit's PexFnstenvSub encoder.

Description

Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0.1.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.

Exploits (7)

exploitdb WORKING POC VERIFIED
by AlpHaNiX · perllocalwindows
https://www.exploit-db.com/exploits/8426

This Perl script exploits a local stack overflow vulnerability in Shadow Stream Recorder via a maliciously crafted .m3u file. It includes multiple payloads (bind shell, command execution, and user addition) encoded with Metasploit's PexFnstenvSub encoder.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Shadow Stream Recorder (version unspecified)
No auth needed
Prerequisites: Victim must open the malicious .m3u file in Shadow Stream Recorder
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Cyber-Zone · perldoswindows
https://www.exploit-db.com/exploits/8405

This Perl script generates a malicious .M3U file that triggers a local stack overflow in Mini-stream RM-MP3 Converter when parsed. The exploit uses a long HTTP URL string (26121 'A' characters) to overwrite the stack, leading to arbitrary code execution (EIP control).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Mini-stream RM-MP3 Converter (version unspecified)
No auth needed
Prerequisites: Victim must open the crafted .M3U file with Mini-stream RM-MP3 Converter
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC
pythonlocalwindows
https://www.exploit-db.com/exploits/8427

This exploit targets a stack overflow vulnerability in Easy RM to MP3 Converter by crafting a malicious .pls file with a long string of junk data, a specific EIP overwrite address, NOP sled, and shellcode to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Easy RM to MP3 Converter
No auth needed
Prerequisites: Victim must open the malicious .pls file with the vulnerable software
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8403

This Perl script generates a malicious .M3U file that triggers a local stack overflow in WM Downloader when parsed, leading to arbitrary code execution. The exploit leverages a buffer overflow vulnerability by crafting an overly long HTTP URL string.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WM Downloader (version unspecified)
No auth needed
Prerequisites: Victim must open the crafted .M3U file in WM Downloader
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8404

This Perl script generates a malicious .M3U file that triggers a local stack overflow in RM Downloader when parsed. The exploit uses a long HTTP URL (26109 'A' characters) to overwrite the stack and crash the application, demonstrating a buffer overflow vulnerability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: RM Downloader (version unspecified)
No auth needed
Prerequisites: Victim must open the malicious .M3U file with RM Downloader
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8402

This Perl script generates a malicious .M3U file that triggers a local stack overflow in Mini-stream Ripper when parsed. The exploit uses a long HTTP URL string (26129 'A' characters) to overwrite the stack and control EIP, demonstrating a classic buffer overflow vulnerability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Mini-stream Ripper (version unspecified)
No auth needed
Prerequisites: Victim must open the malicious .M3U file in Mini-stream Ripper
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8407

This Perl script generates a malicious .M3U file that triggers a local stack overflow in ASX to MP3 Converter when processed. The exploit uses a long HTTP URL string (26121 'A' characters) to overwrite the stack, leading to arbitrary code execution (EIP control).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: ASX to MP3 Converter (version unspecified, likely <= 2009 release)
No auth needed
Prerequisites: Victim must open the crafted .M3U file with ASX to MP3 Converter
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34719
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34494
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8405/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8426

Scores

EPSS 0.2775
EPSS Percentile 96.6%

Details

CWE
CWE-119
Status published
Products (1)
mini-stream/shadow_stream_recorder 3.0.1.7
Published Apr 17, 2009
Tracked Since Feb 18, 2026