CVE-2007-1559

Roxio CinePlayer 3.2 - Remote Code Execution via Long Property Values or Method Arguments

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-1559. PoCs published by Metasploit, Carsten Eiram, including Metasploit module exploits/windows/browser/roxio_cineplayer.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack-based buffer overflow in Roxio CinePlayer's ActiveX control (SonicMediaPlayer.dll 3.0.0.1) via an overly long 'DiskType' parameter. It delivers a payload through a malicious HTML page with embedded JavaScript to achieve remote code execution.

Description

Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16559

This is a Metasploit module exploiting a stack-based buffer overflow in Roxio CinePlayer's ActiveX control (SonicMediaPlayer.dll 3.0.0.1) via an overly long 'DiskType' parameter. It delivers a payload through a malicious HTML page with embedded JavaScript to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Roxio CinePlayer 3.2 (SonicMediaPlayer.dll 3.0.0.1)
No auth needed
Prerequisites: Target must have Roxio CinePlayer 3.2 installed · Target must visit a malicious web page or open a malicious HTML file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Carsten Eiram · htmlremotewindows
https://www.exploit-db.com/exploits/29840

This is a working proof-of-concept exploit for a stack-based buffer overflow in Roxio CinePlayer 3.2. It leverages an ActiveX control vulnerability to execute arbitrary shellcode via a malicious HTML document.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Roxio CinePlayer 3.2 (SonicMediaPlayer.dll)
No auth needed
Prerequisites: Victim must open a malicious HTML document · ActiveX control must be enabled in the browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/roxio_cineplayer.rb

This Metasploit module exploits a stack-based buffer overflow in the Roxio CinePlayer ActiveX control (SonicMediaPlayer.dll 3.0.0.1) via an overly long 'DiskType' parameter. It delivers a malicious HTML page with JavaScript to trigger the vulnerability and execute arbitrary code.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Roxio CinePlayer 3.2 (SonicMediaPlayer.dll 3.0.0.1)
No auth needed
Prerequisites: Target must have Roxio CinePlayer 3.2 installed · Target must visit a malicious webpage or open a malicious HTML file
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/34779
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33590
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017906
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22251
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23412
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1337

Scores

EPSS 0.3181
EPSS Percentile 98.1%

Details

Status published
Products (1)
roxio/cineplayer 3.2
Published Apr 11, 2007
Tracked Since Feb 18, 2026