CVE-2020-36967

CriticalPublic PoC

Published: 28 January 2026

Published

28 January 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0036 57.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and…

execute arbitrary commands on the target system.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and remediation of software flaws like this buffer overflow to prevent remote code execution via patching or upgrades.

SI-16 Memory Protection good match

prevent

Implements memory protections such as DEP and ASLR that directly counter SEH overwrite exploits from buffer overflows, blocking arbitrary code execution.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Enables scanning for known vulnerabilities like CVE-2020-36967 in software components to identify and prioritize remediation of vulnerable Zortam Mp3 Media Studio instances.

Security SummaryAI

CVE-2020-36967 is a buffer overflow vulnerability (CWE-121) in Zortam Mp3 Media Studio version 27.60, specifically within the library creation file selection process. This flaw enables remote code execution when attackers craft a malicious text file containing shellcode that triggers a structured exception handler (SEH) overwrite. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-01-28.

Remote attackers require no privileges or authentication to exploit this issue. By delivering a specially crafted text file through the library creation process, they can achieve arbitrary command execution on the target system, potentially compromising confidentiality, integrity, and availability.

Advisories from VulnCheck (https://www.vulncheck.com/advisories/zortam-mp-media-studio-remote-code-execution-seh) and a proof-of-concept exploit on Exploit-DB (https://www.exploit-db.com/exploits/49084) detail the vulnerability. The vendor's website (https://www.zortam.com/index.html and https://www.zortam.com/download.html) provides access to software downloads, where patched versions may be available.

Details

CWE(s): CWE-121

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Buffer overflow vulnerability in client application Zortam Mp3 Media Studio enables remote code execution without user interaction, directly facilitating T1203: Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.exploit-db.com/exploits/49084
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/zortam-mp-media-studio-remote-code-execution-seh
disclosure@vulncheck.com
https://www.zortam.com/download.html
disclosure@vulncheck.com
https://www.zortam.com/index.html
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/49084
134c704f-9b21-4f2e-91b3-4a467353bcc0