CVE-2010-20111

HIGH

Digital Music Pad v8.2.3.3.4 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-20111. PoCs published by Abhishek Lyall, including Metasploit module exploits/windows/fileformat/digital_music_pad_pls.

AI-analyzed exploit summary This Metasploit module exploits a SEH-based buffer overflow in Digital Music Pad 8.2.3.3.4 by crafting a malicious .pls file. The exploit leverages a controlled SEH overwrite to execute arbitrary payloads via a NOP sled and encoded shellcode.

Description

Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vulnerability in its playlist file parser. When opening a .pls file containing an excessively long string in the File1 field, the application fails to properly validate input length, resulting in corruption of the Structured Exception Handler (SEH) on the stack. This flaw may allow an attacker to control execution flow when the file is opened, potentially leading to arbitrary code execution.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Abhishek Lyall · rubylocalwindows

https://www.exploit-db.com/exploits/15134

View Code ZIP pw:eip

This Metasploit module exploits a SEH-based buffer overflow in Digital Music Pad 8.2.3.3.4 by crafting a malicious .pls file. The exploit leverages a controlled SEH overwrite to execute arbitrary payloads via a NOP sled and encoded shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Digital Music Pad Version 8.2.3.3.4

No auth needed

Prerequisites: Victim must open the malicious .pls file with the vulnerable application

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/digital_music_pad_pls.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Digital Music Pad 8.2.3.3.4 via a malicious PLS file, allowing arbitrary code execution. It uses SEH overwrite and a NOP sled to achieve reliability.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Digital Music Pad Version 8.2.3.3.4

No auth needed

Prerequisites: Victim must open a malicious PLS file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory third-party-advisory

https://web.archive.org/web/20100923154433/http://secunia.com:80/advisories/41519

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/15134

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/digital_music_pad_pls.rb

Various Sources product

https://www.topshareware.com/Digital-Music-Pad-download-79446.htm

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/digital-music-pad-stack-buffer-overflow

Scores

CVSS v4 8.4

EPSS 0.0039

EPSS Percentile 30.5%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

Digital Music Pad/Digital Music Pad < 8.2.3.3.4

Published Aug 21, 2025

Tracked Since Feb 18, 2026