CVE-2009-2568

Sorinara Streaming Audio Player 0.9 - Remote Code Execution via Long String in Playlist File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-2568. PoCs published by Stack, Cyber-Zone.

AI-analyzed exploit summary This exploit targets a local stack-based buffer overflow in Streaming Audio Player 0.9 via a maliciously crafted .M3U file. It uses a hardcoded EIP overwrite and shellcode to achieve arbitrary code execution.

Description

Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Stack · perllocalwindows
https://www.exploit-db.com/exploits/8620

This exploit targets a local stack-based buffer overflow in Streaming Audio Player 0.9 via a maliciously crafted .M3U file. It uses a hardcoded EIP overwrite and shellcode to achieve arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Streaming Audio Player 0.9
No auth needed
Prerequisites: Victim must open the malicious .M3U file in Streaming Audio Player 0.9
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Cyber-Zone · perldoswindows
https://www.exploit-db.com/exploits/8617

This Perl script generates a malicious .m3u file that triggers a local buffer overflow in Streaming Audio Player 0.9 by writing an overly long string (509 'A' characters) to the file. The PoC demonstrates control over EIP (41414141) and is designed to crash the application, indicating potential for arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Streaming Audio Player 0.9
No auth needed
Prerequisites: Ability to deliver a malicious .m3u file to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34842
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8617
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8620
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50339

Scores

EPSS 0.0618
EPSS Percentile 92.6%

Details

CWE
CWE-119
Status published
Products (1)
sorinara/streaming_audio_player 0.9
Published Jul 22, 2009
Tracked Since Feb 18, 2026