CVE-2008-0073
xine-lib 1.1.10.1 - Remote Code Execution via Large streamid SDP Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-0073.
AI-analyzed exploit summary: This Python script generates a malicious .ssa file that exploits a local buffer overflow in Kantaris 0.3.4 Media Player. It includes a bind shell payload that listens on port 4444, demonstrating remote code execution.
Description
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
Exploits (1)
exploitdb
WORKING POC
python local windows
https://www.exploit-db.com/exploits/5498
Classification
Working PoC 100%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target:
Kantaris Media Player 0.3.4
No auth needed
Prerequisites:
Victim must open the malicious .ssa file in Kantaris Media Player
devstral-2 · analyzed Feb 19, 2026
References (34)
Core References
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2008-10/
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1543
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200808-01.xml
Various Sources vendor-advisory
x_refsource_slackware
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28312
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41339
Various Sources x_refsource_confirm
http://www.videolan.org/security/sa0803.php
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29392
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html
Patch x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28694
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29740
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200804-25.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31393
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
Patch x_refsource_confirm
http://xinehq.de/index.php/news
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29601
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
Third Party Advisory x_refsource_confirm
http://wiki.videolan.org/Changelog/0.8.6f
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0923
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29800
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29766
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019682
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29503
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29472
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1536
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29578
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0985
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31372
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-635-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30581
Scores
EPSS
0.0917
EPSS Percentile
94.7%
Details
CWE
CWE-189
Status
published
Products (1)
xine/xine-lib
1.1.10.1
Published
Mar 24, 2008
Tracked Since
Feb 18, 2026