CVE-2012-0270

Csound < 5.16.6 - Remote Code Execution via Crafted HETRO or PVOC File

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-0270. PoCs published by Metasploit, Secunia, juan vazquez, including Metasploit module exploits/windows/fileformat/csound_getnum_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Csound before 5.16.6 via a malicious hetro file. It achieves remote code execution by overwriting the return address and executing payload shellcode.

Description

Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/18710

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Csound before 5.16.6 via a malicious hetro file. It achieves remote code execution by overwriting the return address and executing payload shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Csound < 5.16.6

No auth needed

Prerequisites: User interaction to import the malicious hetro file via csound

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Secunia, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/csound_getnum_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Csound before 5.16.6 via a malicious hetro file. It achieves remote code execution by overwriting the return address and executing shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Csound before 5.16.6

No auth needed

Prerequisites: Victim must import the malicious hetro file via csound with the 'het_import' command

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory x_refsource_misc

http://secunia.com/secunia_research/2012-3/

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/47585

Vendor Advisory x_refsource_confirm

http://sourceforge.net/projects/csound/files/csound5/csound5.16/Version5.16_Notes/view

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00027.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2012-03/msg00027.html

Scores

EPSS 0.5467

EPSS Percentile 98.9%

Details

CWE

CWE-119

Status published

Products (9)

csounds/csound 5.12.4

csounds/csound 5.13.0

csounds/csound 5.13.1

csounds/csound 5.14.0

csounds/csound 5.14.1

csounds/csound 5.14.2

csounds/csound 5.15.0

csounds/csound 5.16

csounds/csound < 5.16.1

Published Feb 17, 2014

Tracked Since Feb 18, 2026