CVE-2009-20003

UNKNOWN 0.0

Xenorate <= 2.50 .xpl File Stack-Based Buffer Overflow

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file.

CWE	CWE-121
Vendor	xenorate
Product	xenorate
Published	Aug 21, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for xenorate xenorate

Be the first to know when new unknown vulnerabilities affecting xenorate xenorate are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Xenorate / Xenorate

* ≤ 2.50

References

NVD ↗ CVE.org ↗ EPSS Data ↗

raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb exploit-db.com: https://www.exploit-db.com/exploits/10371 exploit-db.com: https://www.exploit-db.com/exploits/10373 fortiguard.com: https://www.fortiguard.com/encyclopedia/ips/18035 xenorate.com: http://www.xenorate.com/ web.archive.org: https://web.archive.org/web/20100507021109/http://www.xenorate.com/ vulncheck.com: https://www.vulncheck.com/advisories/xenorate-xpl-file-stack-based-buffer-overflow

Credits

germaya_x loneferret