CNNVD-202508-2548 Information

CNNVD ID

CNNVD-202508-2548

Related CVE

CVE-2009-20003

• CNNVD Published: 2025-08-21

Description (Chinese)

Xenorate是Xenorate个人开发者的一款音乐播放软件。 Xenorate 2.50及之前版本存在安全漏洞，该漏洞源于处理.xpl文件时未验证输入长度，可能导致栈缓冲区溢出和执行任意代码。

Description (English)

Xenorate is a music player for Xenorate personal developers. There is a security loophole in Xeniorate 2.50 and earlier versions, which stems from the processing of .xpl documents without verifying the length of the input, which could lead to an spill over the fence and the implementation of any code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-21

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/xenorate-xpl-file-stack-based-buffer-overflow https://www.fortiguard.com/encyclopedia/ips/18035 https://www.exploit-db.com/exploits/10373 https://www.exploit-db.com/exploits/10371 http://www.xenorate.com/ https://web.archive.org/web/20100507021109/ https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb https://nvd.nist.gov/vuln/detail/CVE-2009-20003