CVE-2009-2485

Exploitation Summary

EIP tracks 4 public exploits for CVE-2009-2485. PoCs published by Metasploit, His0k4, hack4love, including Metasploit module exploits/windows/fileformat/ht_mp3player_ht3_bof.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in HT-MP3Player 1.0 by crafting a malicious .HT3 file. It leverages SEH overwrites and a custom payload to achieve remote code execution.

Description

Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/16646

View Code ZIP pw:eip

This exploit targets a stack buffer overflow in HT-MP3Player 1.0 by crafting a malicious .HT3 file. It leverages SEH overwrites and a custom payload to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HT-MP3Player 1.0

No auth needed

Prerequisites: User interaction to open the malicious .HT3 file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by His0k4 · pythonlocalwindows

https://www.exploit-db.com/exploits/9038

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in HT-MP3Player 1.0 via a malformed .ht3 file. It leverages SEH overwrite with a PexAlphaNum-encoded calc.exe payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HT-MP3Player 1.0

No auth needed

Prerequisites: Victim must open the malicious .ht3 file

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by hack4love · perllocalwindows

https://www.exploit-db.com/exploits/9034

View Code ZIP pw:eip

This exploit targets a local buffer overflow vulnerability in HT-MP3Player 1.0 via a maliciously crafted .ht3 file. It leverages SEH overwrite with a custom payload to achieve arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HT-MP3Player 1.0

No auth needed

Prerequisites: Local access to the target system · Ability to deliver the .ht3 file to the target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GOOD

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/ht_mp3player_ht3_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in HT-MP3Player 1.0 via a crafted .HT3 file. It leverages SEH overwrite and alphanumeric encoding to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HT-MP3Player 1.0

No auth needed

Prerequisites: User interaction to open the malicious .HT3 file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9034

HT-MP3Player 1.0 - Stack-Based Buffer Overflow via Long String in .ht3 File

Exploitation Summary

Description

Exploits (4)

References (1)

Scores

Details