CVE-2020-36967

CriticalPublic PoC

Published: 28 January 2026

Published

28 January 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0036 57.9th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-36967 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Zortam Mp3 Media (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 42.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and remediation of software flaws like this buffer overflow to prevent remote code execution via patching or upgrades.

SI-16 Memory Protection good match

prevent

Implements memory protections such as DEP and ASLR that directly counter SEH overwrite exploits from buffer overflows, blocking arbitrary code execution.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Enables scanning for known vulnerabilities like CVE-2020-36967 in software components to identify and prioritize remediation of vulnerable Zortam Mp3 Media Studio instances.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Buffer overflow vulnerability in client application Zortam Mp3 Media Studio enables remote code execution without user interaction, directly facilitating T1203: Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and…

execute arbitrary commands on the target system.

Deeper analysisAI

CVE-2020-36967 is a buffer overflow vulnerability (CWE-121) in Zortam Mp3 Media Studio version 27.60, specifically within the library creation file selection process. This flaw enables remote code execution when attackers craft a malicious text file containing shellcode that triggers a structured exception handler (SEH) overwrite. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-01-28.

Remote attackers require no privileges or authentication to exploit this issue. By delivering a specially crafted text file through the library creation process, they can achieve arbitrary command execution on the target system, potentially compromising confidentiality, integrity, and availability.

Advisories from VulnCheck (https://www.vulncheck.com/advisories/zortam-mp-media-studio-remote-code-execution-seh) and a proof-of-concept exploit on Exploit-DB (https://www.exploit-db.com/exploits/49084) detail the vulnerability. The vendor's website (https://www.zortam.com/index.html and https://www.zortam.com/download.html) provides access to software downloads, where patched versions may be available.