CVE-2010-2329

Rosoft Audio Converter 4.4.4 - Remote Code Execution via Long Playlist Entry in .m3u File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2329. PoCs published by blake.

AI-analyzed exploit summary This exploit leverages a buffer overflow in Rosoft Audio Converter 4.4.4 by crafting a malicious .m3u file. The payload includes shellcode to execute calc.exe and manipulates the SEH chain for control flow redirection.

Description

Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attackers to execute arbitrary code via a long playlist entry in a .m3u file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by blake · pythonlocalwindows
https://www.exploit-db.com/exploits/13895

This exploit leverages a buffer overflow in Rosoft Audio Converter 4.4.4 by crafting a malicious .m3u file. The payload includes shellcode to execute calc.exe and manipulates the SEH chain for control flow redirection.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Rosoft Audio Converter 4.4.4
No auth needed
Prerequisites: Victim must open the malicious .m3u file in Rosoft Audio Converter
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/65542
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59483
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40195
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40878
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/13895

Scores

EPSS 0.0677
EPSS Percentile 93.2%

Details

CWE
CWE-119
Status published
Products (1)
rosoftengineering/rosoft_audio_converter 4.4.4
Published Jun 18, 2010
Tracked Since Feb 18, 2026