CVE-2014-9448

Mini-stream RM-MP3 Converter <3.1.2.1.2010.03.30 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2014-9448. PoCs published by SkY-NeT SySteMs, Muhamad Fadzil Ramli, ZoRLu Bugrahan.

AI-analyzed exploit summary This Python script generates a malicious .m3u file that exploits a local buffer overflow vulnerability in Mini-stream RM-MP3 Converter 3.1.2.2. The exploit uses a JMP ESP instruction to redirect execution to a shellcode payload, achieving arbitrary code execution.

Description

Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.

Exploits (3)

exploitdb WORKING POC VERIFIED

by SkY-NeT SySteMs · pythonlocalwindows

https://www.exploit-db.com/exploits/18726

View Code ZIP pw:eip

This Python script generates a malicious .m3u file that exploits a local buffer overflow vulnerability in Mini-stream RM-MP3 Converter 3.1.2.2. The exploit uses a JMP ESP instruction to redirect execution to a shellcode payload, achieving arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mini-stream RM-MP3 Converter 3.1.2.2

No auth needed

Prerequisites: Victim must open the malicious .m3u file with the vulnerable software

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC

by Muhamad Fadzil Ramli · rubylocalwindows

https://www.exploit-db.com/exploits/35377

View Code ZIP pw:eip

This Ruby script exploits a SEH-based buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 via a maliciously crafted .wax file. It uses a standard SEH overwrite technique with a NOP sled and shellcode to achieve remote code execution (RCE).

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30

No auth needed

Prerequisites: Victim must open the malicious .wax file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC

by ZoRLu Bugrahan · perldoswindows

https://www.exploit-db.com/exploits/35105

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 via a maliciously crafted .wax file. It overwrites the EIP register with a JMP ESP address and executes shellcode to spawn calc.exe.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30

No auth needed

Prerequisites: Victim must open the malicious .wax file with the vulnerable software

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/35377

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/35105

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/show/osvdb/81080

Scores

EPSS 0.0819

EPSS Percentile 92.4%

Details

CWE

CWE-119

Status published

Products (1)

mini-stream/rm-mp3_converter 3.1.2.1.2010.03.30

Published Jan 02, 2015

Tracked Since Feb 18, 2026