CVE-2009-3449

MP3 Collector 2.3 - Denial of Service via Long URL in M3U Playlist File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3449. PoCs published by zAx.

AI-analyzed exploit summary This exploit generates a malformed M3U file with an overly long string to trigger a local crash in MP3 Collector 2.3. The PoC demonstrates a denial-of-service (DoS) condition by exploiting a buffer overflow vulnerability.

Description

MP3 Collector 2.3 allows remote attackers to cause a denial of service (application crash) via a long URL in a .m3u playlist file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by zAx · perldoswindows

https://www.exploit-db.com/exploits/9689

View Code ZIP pw:eip

This exploit generates a malformed M3U file with an overly long string to trigger a local crash in MP3 Collector 2.3. The PoC demonstrates a denial-of-service (DoS) condition by exploiting a buffer overflow vulnerability.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: MP3 Collector 2.3

No auth needed

Prerequisites: Local access to the target system · MP3 Collector 2.3 installed

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9689

Scores

EPSS 0.0188

EPSS Percentile 76.7%

Details

Status published

Products (1)

collectorz/mp3_collector 2.3

Published Sep 29, 2009

Tracked Since Feb 18, 2026