CVE-2009-1645

Mini-stream Easy RM-MP3 Converter 3.0.0.7 - Remote Code Execution via Long RTSP URL or HREF Attribute

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1645. PoCs published by G4N0K.

AI-analyzed exploit summary: This Perl script exploits a local buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 by crafting a malicious .RAM file with an overly long RTSP URL, followed by a return address and shellcode to execute arbitrary commands (e.g., calc.exe).

Description

Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.

Exploits (2)

exploitdb WORKING POC VERIFIED
by G4N0K · perl · local · windows
https://www.exploit-db.com/exploits/8633

This Perl script exploits a local buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 by crafting a malicious .RAM file with an overly long RTSP URL, followed by a return address and shellcode to execute arbitrary commands (e.g., calc.exe).

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Mini-stream RM-MP3 Converter 3.0.0.7
No auth needed
Prerequisites: Victim must open the malicious .RAM file with the vulnerable software
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC VERIFIED
by G4N0K · perl · local · windows
https://www.exploit-db.com/exploits/8634

This Perl script generates a malicious .ASX file that exploits a local buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 via an overly long HREF attribute. It includes a Metasploit-generated shellcode payload to execute arbitrary commands (e.g., calc.exe).

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Mini-stream RM-MP3 Converter 3.0.0.7
No auth needed
Prerequisites: Victim must open the malicious .ASX file with the vulnerable software
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34864
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34860
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8633
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50376
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8634

Scores

EPSS 0.0709
EPSS Percentile 93.4%

Details

CWE
CWE-119
Status published
Products (1)
mini-stream/easy_rm-mp3_converter 3.0.0.7
Published May 15, 2009
Tracked Since Feb 18, 2026