CVE-2020-37013
Unknown Unknown - Not Provided
Buffer Overflow in Audio Playback Recorder 3.2.2 Enables Code Execution

Publication date: 2026-01-29

Last updated on: 2026-01-29

Assigner: VulnCheck

Description
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially crafted input into the application's input fields.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-01-29
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37013
EUVD
EUVD-2020-30908
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tongsoft audio_playback_recorder 3.2.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37013 is a local buffer overflow vulnerability in Audio Playback Recorder version 3.2.2, specifically affecting the "eject" and "registration" input parameters. Attackers can craft malicious payloads that overwrite the Structured Exception Handler (SEH) by pasting specially crafted input into the application's input fields. This allows execution of arbitrary code, such as running shellcode, when the overwritten SEH is triggered. [1, 4]

Impact Analysis

This vulnerability can allow an attacker with local access to execute arbitrary code on the affected system by exploiting the buffer overflow in the Audio Playback Recorder application. This could lead to unauthorized actions such as running malicious programs, potentially compromising the system's integrity and security. [1, 4]

Detection Guidance

This vulnerability is a local buffer overflow in Audio Playback Recorder 3.2.2 triggered by pasting specially crafted input into the application's 'eject' and 'registration' input fields. Detection involves verifying if the vulnerable version (3.2.2) of Audio Playback Recorder is installed on the system. Since it is a local vulnerability requiring user interaction, network detection is not applicable. There are no specific commands provided to detect exploitation attempts. However, you can check the installed software version and monitor for unusual application crashes or behavior when using the 'eject' or 'registration' features. [1, 4]

Mitigation Strategies

Immediate mitigation steps include: 1) Avoid using the 'eject' and 'registration' input fields in Audio Playback Recorder 3.2.2 with untrusted or unknown input, especially avoiding pasting data into these fields. 2) If possible, update or patch the software to a version that fixes this vulnerability (no fixed version is mentioned, so consider removing or restricting use of the vulnerable application). 3) Limit user privileges to prevent unauthorized execution of the vulnerable application. 4) Monitor and restrict clipboard usage related to this application to prevent malicious payload pasting. 5) Consider disabling or uninstalling Audio Playback Recorder 3.2.2 until a fix is available. [1, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37013. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart