CVE-2008-0090

DivX Player 6.6.0 - Denial of Service via npUpload.dll SetPassword Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0090. PoCs published by anonymous.

AI-analyzed exploit summary This exploit targets a Denial of Service (DoS) vulnerability in DivX Player 6.6.0 by triggering a buffer overflow via the SetPassword method of the npUpload.dll ActiveX control. The PoC causes an access violation when reading memory address 00000000, leading to a crash.

Description

A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · htmldoswindows

https://www.exploit-db.com/exploits/4829

View Code ZIP pw:eip

This exploit targets a Denial of Service (DoS) vulnerability in DivX Player 6.6.0 by triggering a buffer overflow via the SetPassword method of the npUpload.dll ActiveX control. The PoC causes an access violation when reading memory address 00000000, leading to a crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: DivX Player 6.6.0

No auth needed

Prerequisites: DivX Player 6.6.0 installed · Internet Explorer 7 · ActiveX enabled

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27106

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39386

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4829

Scores

EPSS 0.2253

EPSS Percentile 97.4%

Details

CWE

CWE-119

Status published

Products (2)

divx/divx_player 6.6.0

microsoft/internet_explorer 7

Published Jan 04, 2008

Tracked Since Feb 18, 2026