Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Digital Music Pad Stack-Based Buffer Overflow Vulnerability
Vulnerability
A stack-based buffer overflow vulnerability has been identified in Digital Music Pad version 8.2.3.3.4. The issue arises in the playlist file parser, where the application fails to properly validate input length when opening .pls files with excessively long strings in the File1 field. This lack of validation leads to corruption of the Structured Exception Handler (SEH) on the stack, potentially allowing an attacker to manipulate execution flow and execute arbitrary code.
Impact
Exploitation of this vulnerability can lead to arbitrary code execution on the affected system.
Reproduction
The vulnerability can be reproduced by opening a specially crafted .pls file with Digital Music Pad version 8.2.3.3.4. The .pls file must contain an excessively long string in the File1 field, which will trigger the buffer overflow by overwriting the stack and corrupting the Structured Exception Handler.
