CVE-2020-37013

HIGH

Audio Playback Recorder 3.2.2 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37013. PoCs published by Felipe Winsnes.

AI-analyzed exploit summary This exploit demonstrates a local buffer overflow vulnerability in Audio Playback Recorder 3.2.2 via SEH overwrite, leading to arbitrary code execution (calc.exe). The PoC generates two files: 'poc.txt' (malicious payload) and 'buf.txt' (shellcode).

Description

Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially crafted input into the application's input fields.

Exploits (1)

exploitdb WORKING POC
by Felipe Winsnes · pythonlocalwindows
https://www.exploit-db.com/exploits/48796

This exploit demonstrates a local buffer overflow vulnerability in Audio Playback Recorder 3.2.2 via SEH overwrite, leading to arbitrary code execution (calc.exe). The PoC generates two files: 'poc.txt' (malicious payload) and 'buf.txt' (shellcode).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Audio Playback Recorder 3.2.2
No auth needed
Prerequisites: Local access to the target system · Audio Playback Recorder 3.2.2 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.4
EPSS 0.0019
EPSS Percentile 8.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-121
Status published
Products (1)
Tucows Inc./Audio Playback Recorder 3.2.2
Published Jan 29, 2026
Tracked Since Feb 18, 2026