Exploitation Summary
EIP tracks 4 public exploits for CVE-2010-20123.
PoCs published by Metasploit, Oh Yaw Theng, n3w7u, including Metasploit module exploits/windows/fileformat/mymp3player_m3u.
AI-analyzed exploit summary This exploit targets a stack buffer overflow in Steinberg MyMP3Player 3.0 via a crafted M3U file. It includes multiple return address targets for different scenarios, including SEH overwrite, and delivers a payload for arbitrary code execution.
Description
Steinberg MyMP3Player version 3.0 (build 3.0.0.67) is vulnerable to a stack-based buffer overflow when parsing .m3u playlist files. The application fails to properly validate the length of input data within the playlist, allowing a specially crafted file to overwrite critical memory structures and execute arbitrary code. This vulnerability can be exploited locally by convincing a user to open a malicious .m3u file.
Exploits (4)
This exploit targets a stack buffer overflow in Steinberg MyMP3Player 3.0 via a crafted M3U file. It includes multiple return address targets for different scenarios, including SEH overwrite, and delivers a payload for arbitrary code execution.
This exploit targets a buffer overflow vulnerability in myMP3-Player 3.0 by crafting a malicious .m3u file. It overwrites the return address with a JMP ESP instruction and executes a bind shell payload on port 5555.
This Perl script exploits a local buffer overflow vulnerability in myMP3-Player v3.0 via a maliciously crafted .m3u file. It leverages SEH overwrite with a short jump and shellcode to execute arbitrary commands (calc.exe in this case).
This Metasploit module exploits a stack buffer overflow in Steinberg MyMP3Player 3.0 via a crafted M3U file, allowing arbitrary code execution. It supports both direct return address overwrites and SEH-based exploitation techniques.
References (7)
Scores
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N