CVE-2009-3170
AIMP2 Audio Converter < 2.53 - Stack-based Buffer Overflow via Long File1 Argument in Playlist File
Title source: llm
Exploitation Summary
EIP tracks 3 public exploits for CVE-2009-3170. PoCs published by mr_me, corelanc0d3r.
AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in AIMP2 via a malformed .pls playlist file. It uses a Unicode-based SEH overwrite technique to execute a bind shell payload on port 1337.
Description
Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file.
Exploits (3)
This exploit targets a buffer overflow vulnerability in AIMP2 via a malformed .pls playlist file. It uses a Unicode-based SEH overwrite technique to execute a bind shell payload on port 1337.
This exploit targets a buffer overflow vulnerability in AIMP2 Audio Converter (CVE-2009-3170) via a malformed .pls playlist file. It uses SEH overwrite and Unicode-compatible shellcode to achieve remote code execution on Windows XP SP3.
This PoC exploits a Unicode buffer overflow in AIMP2 Audio Converter <= 2.53 (build 330) via a crafted .pls file. It triggers a crash by overwriting the SEH handler, though it does not achieve full code execution.