CVE-2010-20042

Xion Audio Player ≤ 1.0.126 Unicode Stack Buffer Overflow

Description

Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code.

INFO

Published Date :

2025-08-20T15:42:51.014Z

Last Modified :

2026-04-07T14:01:44.644Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2010-20042 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2010-20042.

URL	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/xion_m3u_sehbof.rb
https://www.exploit-db.com/exploits/14517
https://www.exploit-db.com/exploits/14633
https://www.exploit-db.com/exploits/15598
https://www.exploit-db.com/exploits/16653
https://www.r2.com.au/page/products/download/xion-audio-player/
https://www.vulncheck.com/advisories/xion-audio-player-unicode-stack-buffer-overflow

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability