CVE-2009-20002

UNKNOWN 0.0

Millenium MP3 Studio <= 2.0 .pls File Stack-Based Buffer Overflow

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation requires the victim to open the file locally, though remote execution may be possible if the .pls extension is registered to the application and opened via a browser.

CWE	CWE-121
Vendor	millenium
Product	mp3 studio
Published	Aug 21, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for millenium mp3 studio

Be the first to know when new unknown vulnerabilities affecting millenium mp3 studio are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Millenium / MP3 Studio

* ≤ 2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb exploit-db.com: https://www.exploit-db.com/exploits/9618 exploit-db.com: https://www.exploit-db.com/exploits/10240 web.archive.org: https://web.archive.org/web/20090731112010/http://www.milw0rm.com/exploits/9277 ccm.net: https://ccm.net/downloads/sound/5995-millennium-mp3-studio/ vulncheck.com: https://www.vulncheck.com/advisories/millenium-mp3-studio-pls-file-stack-based-buffer-overflow

Credits

hack4love