Exploitation Summary
EIP tracks 5 public exploits for CVE-2009-4656.
PoCs published by Metasploit, Sébastien Duquette, prodigy, including Metasploit module exploits/windows/fileformat/djstudio_pls_bof.
AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2 via a maliciously crafted .pls file, allowing arbitrary code execution under the context of the user.
Description
Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information.
Exploits (5)
This Metasploit module exploits a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2 via a maliciously crafted .pls file, allowing arbitrary code execution under the context of the user.
This exploit targets DJ Studio Pro 5.1.6.5.2 via a SEH overflow in a .pls file, using a hardcoded pop-pop-ret address and shellcode to execute calc.exe. The payload is crafted to trigger the vulnerability when the file is opened.
This exploit generates a malicious .PLS file with an excessively long string to trigger a buffer overflow in DJ Studio Pro 4.2, leading to a crash (DoS). The PoC is straightforward and demonstrates the vulnerability by creating a file with a large payload.
This exploit targets a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2 via a maliciously crafted PLS file. It leverages SEH overwrites to achieve remote code execution when the victim opens the file.
This Metasploit module exploits a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2 by crafting a malicious .pls file, leading to remote code execution under the context of the user.