CVE-2004-1475

xine-lib 1-rc2-1-rc5 - Stack-Based Buffer Overflow via Long VideoCD MRL or Subtitle Lines

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1475. PoCs published by c0ntex.

AI-analyzed exploit summary This exploit demonstrates a stack-based buffer overflow in Xine-lib's handling of the vcd:// input source identifier, allowing remote code execution via a crafted playlist file (e.g., .asx). The PoC includes a server that delivers a malicious payload to overflow the buffer and execute arbitrary code.

Description

Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.

Exploits (1)

exploitdb WORKING POC VERIFIED

by c0ntex · cremotelinux

https://www.exploit-db.com/exploits/386

View Code ZIP pw:eip

This exploit demonstrates a stack-based buffer overflow in Xine-lib's handling of the vcd:// input source identifier, allowing remote code execution via a crafted playlist file (e.g., .asx). The PoC includes a server that delivers a malicious payload to overflow the buffer and execute arbitrary code.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Xine-lib (including Xine-lib-rc5)

No auth needed

Prerequisites: Victim must open a malicious playlist file (e.g., .asx) via Xine

MITRE ATT&CK