CVE-2007-0949

iTinySoft Studio Total Video Player <1.03 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected.

Exploits (2)

exploitdb WORKING POC VERIFIED

by fl0 fl0w · c++localwindows

https://www.exploit-db.com/exploits/5077

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by fl0 fl0w · clocalwindows

https://www.exploit-db.com/exploits/5032

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/23999

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/32479

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/22553

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5032

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5077

[Third Party Advisory, VDB Entry] http://osvdb.org/33187

Scores

EPSS 0.2920

EPSS Percentile 96.6%

Details

Status published

Products (1)

itinysoft_studio/total_video_player < 1.03

Published Feb 15, 2007

Tracked Since Feb 18, 2026