CVE-2009-1815

Sonic Spot Audioactive Player 1.93b - Stack-based Buffer Overflow via Playlist File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1815. PoCs published by His0k4, hack4love.

AI-analyzed exploit summary This exploit targets a local buffer overflow vulnerability in Audioactive Player 1.93b via a maliciously crafted .m3u file. It leverages SEH overwrite with a reverse jump and shellcode to execute arbitrary commands (e.g., calc.exe).

Description

Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.

Exploits (2)

exploitdb WORKING POC VERIFIED
by His0k4 · pythonlocalwindows
https://www.exploit-db.com/exploits/8701

This exploit targets a local buffer overflow vulnerability in Audioactive Player 1.93b via a maliciously crafted .m3u file. It leverages SEH overwrite with a reverse jump and shellcode to execute arbitrary commands (e.g., calc.exe).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Audioactive Player 1.93b
No auth needed
Prerequisites: Victim must open the malicious .m3u file in Audioactive Player
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by hack4love · perllocalwindows
https://www.exploit-db.com/exploits/8698

This exploit targets a local buffer overflow in Audioactive Player v1.93b via a maliciously crafted .m3u file. It uses a JMP ESP instruction from ntdll.dll and a Metasploit-generated shellcode to execute arbitrary commands (e.g., calc.exe).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Audioactive Player v1.93b
No auth needed
Prerequisites: Victim must open the malicious .m3u file in Audioactive Player v1.93b
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34987
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8701
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1339
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8698

Scores

EPSS 0.0585
EPSS Percentile 92.2%

Details

CWE
CWE-119
Status published
Products (1)
sonicspot/audioactive_player 1.93b
Published May 29, 2009
Tracked Since Feb 18, 2026