CVE-2018-25383

HIGH

Free MP3 CD Ripper 2.8 Buffer Overflow SEH DEP Bypass

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25383. PoCs published by Matteo Malvica.

AI-analyzed exploit summary: This exploit demonstrates a buffer overflow vulnerability in Free MP3 CD Ripper 2.8, leveraging SEH overwrite and DEP bypass via ROP chain to achieve remote code execution (calc.exe). The payload is crafted with a custom ROP chain and shellcode generated using msfvenom.

Description

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Convert function, enabling execution of arbitrary code through ROP chain gadgets and shellcode injection.

Exploits (1)

exploitdb WORKING POC
by Matteo Malvica · python · local · windows_x86-64
https://www.exploit-db.com/exploits/45565

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Free MP3 CD Ripper 2.8
No auth needed
Prerequisites: DEP enabled on target system · User interaction to load malicious .wma file
devstral-2 · analyzed May 29, 2026

References (3)

Core References
Exploit: ExploitDB-45565
https://www.exploit-db.com/exploits/45565
Third Party Advisory: VulnCheck Advisory: Free MP3 CD Ripper 2.8 Buffer Overflow SEH DEP Bypass
https://www.vulncheck.com/advisories/free-mp3-cd-ripper-buffer-overflow-seh-dep-bypass

Scores

CVSS v3: 8.4
EPSS: 0.0018
EPSS Percentile: 7.9%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-121
Status: published
Products (1): Commentcamarche/Free MP3 CD Ripper 2.8
Published: May 29, 2026
Tracked Since: May 29, 2026