Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Millennium MP3 Studio Stack-Based Buffer Overflow Vulnerability in Playlist File Parsing

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Millennium MP3 Studio versions through 2.0. The issue arises when the application parses .pls playlist files, as it fails to properly validate the length of the File1 field. This oversight allows attackers to craft malicious .pls files that overwrite the Structured Exception Handler (SEH) and execute arbitrary code. Exploitation requires the victim to open the file locally, although remote execution may be possible if the .pls extension is registered with the application and the file is opened via a browser.
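The missing length check on File1 can be enforced outside the application, before a playlist ever reaches it. The following is an added defensive example, not code from the vendor or from this advisory. It flags any FileN entry (a generalization beyond File1) whose value exceeds a ceiling. The 260-byte ceiling, the function name and the sample playlists are assumptions constructed for illustration, since the page does not state the buffer size.

```python
import re
import sys

# Assumption: the advisory does not give the size of the vulnerable buffer.
# 260 bytes (Windows MAX_PATH) is used as a ceiling for a plausible local path;
# raise it if your playlists legitimately carry long stream URLs.
MAX_ENTRY_LEN = 260

# Matches "File1=...", "file12 = ..." and so on. Matching is case-insensitive
# so a variant spelling of the key is not missed.
_ENTRY = re.compile(rb"^\s*(File\d+)\s*=(.*)$", re.IGNORECASE)


def scan_pls(data, max_len=MAX_ENTRY_LEN):
    """Return (line_no, key, value_length) for every FileN entry over max_len.

    Works on raw bytes: a hostile file need not be valid text in any encoding.
    """
    findings = []
    for line_no, raw in enumerate(data.splitlines(), start=1):
        m = _ENTRY.match(raw)
        if m is None:
            continue
        value = m.group(2).strip()
        if len(value) > max_len:
            findings.append((line_no, m.group(1).decode("ascii"), len(value)))
    return findings


# Constructed sample inputs (not taken from any real playlist or exploit).
BENIGN = (b"[playlist]\r\nFile1=C:\\Music\\track01.mp3\r\nTitle1=Track 01\r\n"
          b"Length1=215\r\nNumberOfEntries=1\r\nVersion=2\r\n")
OVERSIZED = (b"[playlist]\r\nFile1=" + b"x" * (MAX_ENTRY_LEN + 1) +
             b"\r\nNumberOfEntries=1\r\nVersion=2\r\n")

if __name__ == "__main__":
    # Usage: python scan_pls.py downloads/*.pls
    suspicious = False
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for line_no, key, length in scan_pls(fh.read()):
                suspicious = True
                print(f"{path}:{line_no}: {key} is {length} bytes (limit {MAX_ENTRY_LEN})")
    sys.exit(1 if suspicious else 0)
```

The non-zero exit status lets the check gate a mail or download quarantine step, or a file-share sweep.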

Impact

Successful exploitation overflows a stack buffer, which can be leveraged to execute arbitrary code on the affected system.

Reproduction

The vulnerability can be reproduced by creating a .pls file that includes a crafted payload. This file must then be opened in Millennium MP3 Studio. Alternatively, if the .pls extension is associated with Millennium MP3 Studio, the file can be opened through a web browser, which may also trigger the vulnerability.

Added: Aug 21, 2025, 9:34 PM
Updated: Aug 21, 2025, 9:34 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.1
remediation: 0.0
relevance: 0.4
threat: 8.5
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.