{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2020-36967", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-27T15:47:07.998Z", "datePublished": "2026-01-28T17:35:09.892Z", "dateUpdated": "2026-04-07T14:05:11.065Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:05:11.065Z"}, "title": "Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)", "descriptions": [{"lang": "en", "value": "Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and execute arbitrary commands on the target system."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Stack-based Buffer Overflow", "cweId": "CWE-121", "type": "CWE"}]}], "affected": [{"vendor": "Zortam.com", "product": "Zortam Mp3 Media Studio", "versions": [{"version": "27.60", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.4, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/49084", "name": "ExploitDB-49084", "tags": ["exploit"]}, {"url": "https://www.zortam.com/index.html", "name": "Zortam Official Homepage", "tags": ["product"]}, {"url": "https://www.zortam.com/download.html", "name": "Zortam Software Download Page", "tags": ["product"]}, {"name": "VulnCheck Advisory: Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/zortam-mp-media-studio-remote-code-execution-seh"}], "credits": [{"lang": "en", "value": "Vincent Wolterman", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2020-11-20T00:00:00.000Z"}, "adp": [{"references": [{"url": "https://www.exploit-db.com/exploits/49084", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T18:59:15.410183Z", "id": "CVE-2020-36967", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T18:12:14.446Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-36967", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-28T18:59:15.410183Z"}}}], "references": [{"url": "https://www.exploit-db.com/exploits/49084", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T18:59:20.297Z"}}], "cna": {"title": "Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)", "credits": [{"lang": "en", "type": "finder", "value": "Vincent Wolterman"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Zortam.com", "product": "Zortam Mp3 Media Studio", "versions": [{"status": "affected", "version": "27.60"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/49084", "name": "ExploitDB-49084", "tags": ["exploit"]}, {"url": "https://www.zortam.com/index.html", "name": "Zortam Official Homepage", "tags": ["product"]}, {"url": "https://www.zortam.com/download.html", "name": "Zortam Software Download Page", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/zortam-mp-media-studio-remote-code-execution-seh", "name": "VulnCheck Advisory: Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and execute arbitrary commands on the target system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-01-28T17:35:09.892Z"}}}, "cveMetadata": {"cveId": "CVE-2020-36967", "state": "PUBLISHED", "dateUpdated": "2026-01-29T18:12:14.446Z", "dateReserved": "2026-01-27T15:47:07.998Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-01-28T17:35:09.892Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and execute arbitrary commands on the target system."}, {"lang": "es", "value": "Zortam Mp3 Media Studio 27.60 contiene una vulnerabilidad de desbordamiento de b\u00fafer en el proceso de selecci\u00f3n de archivos para la creaci\u00f3n de librer\u00edas que permite la ejecuci\u00f3n remota de c\u00f3digo. Los atacantes pueden crear un archivo de texto malicioso con shellcode para desencadenar una sobrescritura del controlador de excepciones estructuradas (SEH) y ejecutar comandos arbitrarios en el sistema objetivo."}], "id": "CVE-2020-36967", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-01-28T18:16:46.970", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/49084"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/zortam-mp-media-studio-remote-code-execution-seh"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zortam.com/download.html"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zortam.com/index.html"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://www.exploit-db.com/exploits/49084"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"created": "2026-01-29T09:09:33.487496+00:00", "updated": "2026-01-29T09:09:33.487523+00:00", "vendors": ["zortam", "zortam$PRODUCT$mp3_media_studio"]}