CVE-2006-6199

BlazeVideo BlazeDVD Standard and Professional 5.0 - Stack-based Buffer Overflow via PLF Playlist Filename

Title source: llm

Exploitation Summary

EIP tracks 10 public exploits for CVE-2006-6199. Published PoCs include those by Mike Czumak, PuN1sh3r and Craig Freyman, as well as the Metasploit module exploits/windows/fileformat/blazedvd_plf.

AI-analyzed exploit summary: This exploit leverages a buffer overflow vulnerability in BlazeDVD 6.2 via a malformed .plf file to achieve arbitrary code execution by overwriting SEH and executing shellcode.

Description

Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.

Exploits (10)

exploitdb WORKING POC VERIFIED
by Mike Czumak · perl · local · windows
https://www.exploit-db.com/exploits/29263

This exploit leverages a buffer overflow vulnerability in BlazeDVD 6.2 via a malformed .plf file to achieve arbitrary code execution by overwriting SEH and executing shellcode.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BlazeDVD 6.2.0.0
No auth needed
Prerequisites: Victim must open the malicious .plf file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by PuN1sh3r · perl · local · windows
https://www.exploit-db.com/exploits/26889

This exploit targets a local stack-based buffer overflow in BlazeDVD Pro 6.1 by crafting a malicious .plf file. It overwrites the EIP with a JMP ESP address from kernel32.dll and executes a Metasploit-generated calc.exe payload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BlazeDVD Pro 6.1
No auth needed
Prerequisites: Victim must open the malicious .plf file with BlazeDVD Pro 6.1
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Craig Freyman · ruby · local · windows
https://www.exploit-db.com/exploits/23783

This Metasploit module exploits a vulnerability in BlazeDVD 6.1 by crafting a malicious PLF file to bypass DEP and ASLR, leading to arbitrary code execution. It uses a ROP chain to achieve this, targeting a specific return address and offset.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: BlazeDVD 6.1
No auth needed
Prerequisites: Victim must open the malicious PLF file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16618

This Metasploit module exploits a stack-based buffer overflow in BlazeDVD 5.1 by crafting a malicious PLF file. The exploit overwrites the return address to execute arbitrary shellcode, achieving remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BlazeDVD 5.1
No auth needed
Prerequisites: Victim must open the malicious PLF file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by mr_me · python · local · windows
https://www.exploit-db.com/exploits/13905

This exploit demonstrates a stack-based buffer overflow in BlazeDVD v5.1, bypassing ASLR and DEP on Windows 7 via ROP chains and shellcode execution. It leverages a .plf file to trigger the vulnerability and achieve arbitrary code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: BlazeDVD v5.1
No auth needed
Prerequisites: BlazeDVD v5.1 installed on Windows 7 · Ability to deliver a malicious .plf file to the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by hack4love · perl · local · windows
https://www.exploit-db.com/exploits/9329

This exploit targets a local buffer overflow vulnerability in BlazeDVD 5.1 Professional via a maliciously crafted .PLF file. It leverages SEH overwrite with a hardcoded address and shellcode to achieve arbitrary code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BlazeDVD 5.1 Professional
No auth needed
Prerequisites: Victim must open the malicious .PLF file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by LiquidWorm · perl · remote · windows
https://www.exploit-db.com/exploits/6217

This exploit demonstrates a buffer overflow in BlazeDVD 5.0 via a crafted PLF playlist file, overwriting EIP to execute arbitrary code (calc.exe). The PoC includes a Metasploit-generated shellcode and a hardcoded return address.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BlazeDVD 5.0
No auth needed
Prerequisites: Victim must open the malicious PLF file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Greg Linares · c · local · windows
https://www.exploit-db.com/exploits/2880

This exploit demonstrates a stack-based buffer overflow in BlazeVideo HDTV Player <= v2.1 by crafting a malicious PLF file with an overly long path. It includes shellcode to execute calc.exe and provides multiple JMP ESP addresses for various Windows versions.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BlazeVideo HDTV Player <= v2.1
No auth needed
Prerequisites: Victim must open the malicious PLF file
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC
perl · local · windows
https://www.exploit-db.com/exploits/9360

This Perl script exploits a buffer overflow vulnerability in BlazeDVD 5.1 Professional and Blaze HDTV Player 6.0 via a maliciously crafted .PLF file. It leverages SEH (Structured Exception Handler) overwrites to achieve arbitrary code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BlazeDVD 5.1 Professional, Blaze HDTV Player 6.0
No auth needed
Prerequisites: Victim must open the malicious .PLF file
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC GOOD
by Deepak Rathore · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/blazedvd_plf.rb

This Metasploit module exploits a stack-based buffer overflow in BlazeDVD 5.1 and 6.2 via a maliciously crafted PLF file, achieving remote code execution through SEH overwrites and ROP chains.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BlazeDVD 5.1 and 6.2
No auth needed
Prerequisites: Victim must open the malicious PLF file
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2880
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/26889
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23041
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30567
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/30770
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/23783
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21337
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4764

Scores

EPSS 0.8549
EPSS Percentile 99.4%

Details

CWE: CWE-119
Status: published
Products (1): blazevideo/blaze_dvd 5.0 (2 CPE variants)
Published: Dec 01, 2006
Tracked Since: Feb 18, 2026