Exploitation Summary
EIP tracks 3 public exploits for CVE-2009-20002.
PoCs published by Molotov, hack4love, Molotov, dookie, jduck, including Metasploit module exploits/windows/fileformat/millenium_mp3_pls.
AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in Millenium MP3 Studio 2.0 by crafting a malicious .pls playlist file. The payload includes a SEH overwrite and shellcode to achieve remote code execution.
Description
Millenium MP3 Studio versions up to and including 2.0 are vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation requires the victim to open the file locally, though remote execution may be possible if the .pls extension is registered to the application and opened via a browser.
Exploits (3)
This exploit targets a buffer overflow vulnerability in Millenium MP3 Studio 2.0 by crafting a malicious .pls playlist file. The payload includes a SEH overwrite and shellcode to achieve remote code execution.
This exploit leverages a buffer overflow vulnerability in Millenium MP3 Studio by crafting malicious PLF, MPF, and M3U files with a long string of 'A's to overwrite the SEH handler, followed by a NOP sled and shellcode for arbitrary code execution.
This Metasploit module exploits a stack-based buffer overflow in Millenium MP3 Studio 2.0 via a maliciously crafted PLS file. It leverages SEH overwrites and a jump-back shellcode technique to achieve remote code execution.
Scores
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N