CNNVD-202508-2546 Information

CNNVD ID

CNNVD-202508-2546

Related CVE

CVE-2009-20002

• CNNVD Published: 2025-08-21

Description (Chinese)

Millenium MP3 Studio是Millenium公司的一款音乐播放软件。 Millenium MP3 Studio 2.0及之前版本存在安全漏洞，该漏洞源于解析.pls文件时未验证File1字段长度，可能导致栈缓冲区溢出和执行任意代码。

Description (English)

Milenium MP3 Studio is a music player for Millenium. There is a security loophole in Millenium MP3 Studio 2.0 and earlier versions, which stems from the failure to verify the File1 field length when deciphering.pls files, which could lead to a spill over the fence and the implementation of any code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Millenium

Published

2025-08-21

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/millenium-mp3-studio-pls-file-stack-based-buffer-overflow https://www.exploit-db.com/exploits/9618 https://www.exploit-db.com/exploits/10240 http://www.milw0rm.com/exploits/9277 https://web.archive.org/web/20090731112010/ https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb https://ccm.net/downloads/sound/5995-millennium-mp3-studio/ https://nvd.nist.gov/vuln/detail/CVE-2009-20002

Patch

https://ccm.net/downloads/sound/5995-millennium-mp3-studio/