CVE-2011-5165

Free MP3 CD Ripper <= 2.6 - Stack-based Buffer Overflow via Crafted WAV File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 9 public exploits for CVE-2011-5165. PoCs published by naxxo, ThreatActor, TUNISIAN CYBER, including Metasploit module exploits/windows/fileformat/free_mp3_ripper_wav.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in FMCRSetup.exe, leveraging a ROP chain and DEP bypass to execute arbitrary shellcode (calc.exe). It uses a structured SEH overwrite and ROP gadgets to achieve reliable code execution.

Description

Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.

Exploits (9)

exploitdb WORKING POC VERIFIED
by naxxo · pythonlocalwindows
https://www.exploit-db.com/exploits/36827

This exploit targets a buffer overflow vulnerability in FMCRSetup.exe, leveraging a ROP chain and DEP bypass to execute arbitrary shellcode (calc.exe). It uses a structured SEH overwrite and ROP gadgets to achieve reliable code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: FMCRSetup.exe (version unspecified)
No auth needed
Prerequisites: Victim must open the malicious .wav file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ThreatActor · perllocalwindows
https://www.exploit-db.com/exploits/36826

This exploit targets a SEH-based buffer overflow vulnerability in an unspecified software, using a crafted .wav file to deliver a reverse shell payload. It bypasses SEH with a short jump and leverages a POP ESI instruction from ogg.dll for reliable exploitation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unspecified media player or audio processing software (likely vulnerable to malformed WAV files)
No auth needed
Prerequisites: Victim must open the malicious .wav file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by TUNISIAN CYBER · pythonlocalwindows
https://www.exploit-db.com/exploits/36465

This exploit demonstrates a local buffer overflow in Free MP3 CD Ripper by crafting a malicious .wav file with a payload that overwrites the EIP and executes shellcode to spawn calc.exe. It targets specific return addresses on Windows XP/7.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Free MP3 CD Ripper (All versions)
No auth needed
Prerequisites: Local access to the target system · Ability to deliver the malicious .wav file to the victim
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/18142

This exploit targets a stack-based buffer overflow in Free MP3 CD Ripper 1.1 via a malicious WAV file. It leverages SEH overwrites and a jump-back technique to execute arbitrary payloads.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Free MP3 CD Ripper 1.1
No auth needed
Prerequisites: Victim must open the malicious WAV file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by X-h4ck · textlocalwindows
https://www.exploit-db.com/exploits/17727

This exploit demonstrates a local buffer overflow in Free MP3 CD Ripper 1.1 by crafting a malicious .wav file. The payload includes a NOP sled and shellcode to achieve arbitrary code execution when the file is processed by the vulnerable software.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Free MP3 CD Ripper 1.1
No auth needed
Prerequisites: Victim must open the malicious .wav file in Free MP3 CD Ripper 1.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Richard leahy · textlocalwindows
https://www.exploit-db.com/exploits/12012

This exploit targets Free MP3 CD Ripper 2.6 via a buffer overflow in the WAV to MP3 conversion feature. It uses a JMP ESP instruction and shellcode to execute arbitrary code (e.g., opening Notepad).

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Free MP3 CD Ripper 2.6
No auth needed
Prerequisites: User interaction to open a maliciously crafted WAV file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by mr_me · phplocalwindows
https://www.exploit-db.com/exploits/11976

This is a stack-based buffer overflow exploit for Free MP3 CD Ripper 2.6, leveraging an egghunter and shellcode to achieve remote code execution. The exploit crafts a malicious WAV file to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Free MP3 CD Ripper 2.6
No auth needed
Prerequisites: Victim must open the malicious WAV file with Free MP3 CD Ripper 2.6
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Richard leahy · rubydoswindows
https://www.exploit-db.com/exploits/11975

This exploit targets a buffer overflow vulnerability in Free MP3 CD Ripper 2.6 by generating a malicious .wav file. The payload consists of a large buffer of 'A's followed by a JMP ESP instruction and a placeholder for shellcode.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Free MP3 CD Ripper 2.6
No auth needed
Prerequisites: User interaction to open the malicious .wav file in the application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by Richard Leahy, X-h4ck, Tiago Henriques · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/free_mp3_ripper_wav.rb

This Metasploit module exploits a stack-based buffer overflow in Free MP3 CD Ripper 1.1 by crafting a malicious WAV file. It leverages SEH overwrites and a p/p/r address in libFLAC.dll to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Free MP3 CD Ripper 1.1
No auth needed
Prerequisites: Victim must open the malicious WAV file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36465/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39193
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17727
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39672
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/63349
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18142
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11976
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11975
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36826/
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36827/

Scores

EPSS 0.7771
EPSS Percentile 99.0%

Details

CWE
CWE-119
Status published
Products (3)
cleanersoft/free_mp3_cd_ripper 1.1
cleanersoft/free_mp3_cd_ripper 2.5
cleanersoft/free_mp3_cd_ripper < 2.6
Published Sep 15, 2012
Tracked Since Feb 18, 2026