CVE-2010-20111

HIGH

Digital Music Pad v8.2.3.3.4 - Buffer Overflow

Title source: llm

Description

Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vulnerability in its playlist file parser. When opening a .pls file containing an excessively long string in the File1 field, the application fails to properly validate input length, resulting in corruption of the Structured Exception Handler (SEH) on the stack. This flaw may allow an attacker to control execution flow when the file is opened, potentially leading to arbitrary code execution.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Abhishek Lyall · rubylocalwindows

https://www.exploit-db.com/exploits/15134

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/digital_music_pad_pls.rb

View Code ZIP pw:eip

References (5)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/digital_music_pad_pls.rb

[Various Sources] https://www.topshareware.com/Digital-Music-Pad-download-79446.htm

[Third Party Advisory] https://web.archive.org/web/20100923154433/http://secunia.com:80/advisories/41519

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/15134

[Third Party Advisory] https://www.vulncheck.com/advisories/digital-music-pad-stack-buffer-overflow

Scores

CVSS v4 8.4

EPSS 0.0815

EPSS Percentile 92.2%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

Digital Music Pad/Digital Music Pad < 8.2.3.3.4

Published Aug 21, 2025

Tracked Since Feb 18, 2026