CVE-2009-1830

Soulseek 156 and 157 NS - Stack-Based Buffer Overflow via Long Search Query

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-1830. PoCs published by laurent gaffié, His0k4.

AI-analyzed exploit summary This exploit targets a remote SEH overwrite vulnerability in Soulseek 157 NS < 13e & 156.* via a malformed peer search query. It sends a crafted buffer to overwrite the SEH handler, potentially leading to remote code execution.

Description

Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query.

Exploits (3)

exploitdb WORKING POC VERIFIED
by laurent gaffié · textdoswindows
https://www.exploit-db.com/exploits/9084

This exploit targets a remote SEH overwrite vulnerability in Soulseek 157 NS < 13e & 156.* via a malformed peer search query. It sends a crafted buffer to overwrite the SEH handler, potentially leading to remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Soulseek 157 NS < 13e & 156.*
No auth needed
Prerequisites: Target IP and port · Vulnerable Soulseek client version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by His0k4 · pythonremotewindows
https://www.exploit-db.com/exploits/8804

This exploit targets a remote SEH overwrite vulnerability in Soulseek 157 NS. It sends a crafted payload to trigger the vulnerability and execute a calc.exe payload via shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Soulseek 157 NS 12d
No auth needed
Prerequisites: Network access to the target Soulseek server · Target running Soulseek 157 NS 12d
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by laurent gaffié · textdoswindows
https://www.exploit-db.com/exploits/8777

This exploit targets a remote SEH overwrite vulnerability in Soulseek 157 NS and 156.* via a malformed distributed search query. It sends a crafted buffer to trigger the vulnerability, leading to arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Soulseek 157 NS and 156.*
No auth needed
Prerequisites: Network access to the target Soulseek client · Target must be using the vulnerable Soulseek version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1427
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8804
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8777
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35091
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35186
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0210.html

Scores

EPSS 0.0857
EPSS Percentile 94.4%

Details

CWE
CWE-119
Status published
Products (2)
slsknet/soulseek 156
slsknet/soulseek 157_ns
Published May 29, 2009
Tracked Since Feb 18, 2026