CVE-2006-6288

Niek Albers CoolPlayer <216 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6288. PoCs published by Trancek.

AI-analyzed exploit summary This exploit targets a local buffer overflow in CoolPlayer 2.17 via a maliciously crafted .m3u playlist file. It uses a JMP ESP instruction from ntdll.dll (Windows XP SP2 Spanish) and includes Metasploit-generated shellcode for a bind shell on port 4444.

Description

Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Trancek · perllocalwindows

https://www.exploit-db.com/exploits/4839

View Code ZIP pw:eip

This exploit targets a local buffer overflow in CoolPlayer 2.17 via a maliciously crafted .m3u playlist file. It uses a JMP ESP instruction from ntdll.dll (Windows XP SP2 Spanish) and includes Metasploit-generated shellcode for a bind shell on port 4444.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CoolPlayer 2.17

No auth needed

Prerequisites: Victim must open the crafted .m3u file in CoolPlayer 2.17 · Attacker must know the target's directory path length for proper offset calculation

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →