CVE-2010-2343

Exploitation Summary

EIP tracks 5 public exploits for CVE-2010-2343. PoCs published by Metasploit, chap0, sud0, including Metasploit module exploits/windows/fileformat/easycdda_pls_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Easy CD-DA Recorder 2007 via a crafted .PLS file, achieving remote code execution through a ROP chain and DEP bypass.

Description

Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.

Exploits (5)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/31643

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Easy CD-DA Recorder 2007 via a crafted .PLS file, achieving remote code execution through a ROP chain and DEP bypass.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Easy CD-DA Recorder 2007 (easycdda.exe 3.0.114.0)

No auth needed

Prerequisites: Victim must open a malicious .PLS file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by chap0 · perllocalwindows

https://www.exploit-db.com/exploits/13761

View Code ZIP pw:eip

This exploit targets a SEH buffer overflow vulnerability in Easy CD-DA Recorder 2007. It constructs a payload with a junk buffer, SEH overwrite, NOP sled, and shellcode to achieve arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Easy CD-DA Recorder 2007

No auth needed

Prerequisites: Victim must open the malicious .pls file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by sud0 · perllocalwindows

https://www.exploit-db.com/exploits/13763

View Code ZIP pw:eip

This exploit leverages a stack-based buffer overflow in Audio Converter 8.1 via a malformed .pls file, using ROP techniques to bypass DEP and execute arbitrary shellcode (e.g., launching calc.exe).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Audio Converter 8.1

No auth needed

Prerequisites: Victim must open a malicious .pls file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by sud0 · pythonlocalwindows

https://www.exploit-db.com/exploits/13760

View Code ZIP pw:eip

This exploit demonstrates a stack-based buffer overflow in Audio Converter 8.1, leveraging SEH overwrite to execute shellcode (calc.exe). The payload is crafted with a specific SEH address and alignment instructions to achieve reliable execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Audio Converter 8.1

No auth needed

Prerequisites: Target running Audio Converter 8.1 on Windows XP SP3 · Ability to deliver a malicious .pls file

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by chap0, Gabor Seljan, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/easycdda_pls_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Easy CD-DA Recorder 2007 via a crafted PLS file. It uses ROP gadgets to bypass DEP and execute arbitrary code on Windows XP SP3 and Windows 7 SP1.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Easy CD-DA Recorder 2007

No auth needed

Prerequisites: Victim must open a specially-crafted PLS file

MITRE ATT&CK