CVE-2010-20042

Xion Audio Player <1.0.126 - Buffer Overflow

Description

Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code.

Exploits (5)

exploitdb WORKING POC VERIFIED
by s-dz · perl · dos · windows
https://www.exploit-db.com/exploits/14517

exploitdb WORKING POC VERIFIED
by anT!-Tr0J4n · perl · dos · windows
https://www.exploit-db.com/exploits/15598

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16653

exploitdb WORKING POC VERIFIED
by corelanc0d3r · python · local · windows
https://www.exploit-db.com/exploits/14633

metasploit WORKING POC GREAT
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/xion_m3u_sehbof.rb

Scores

EPSS 0.0815
EPSS Percentile 92.0%

Classification

CWE
CWE-121
Status draft

Timeline

Published Aug 20, 2025
Tracked Since Feb 18, 2026