CVE-2008-0295

VLC Media Player < 0.8.6d - Heap-Based Buffer Overflow via Long SDP Data

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0295.

AI-analyzed exploit summary This Python script generates a malicious .ssa file that exploits a local buffer overflow in Kantaris 0.3.4 Media Player. It includes a bind shell payload (port 4444) and leverages a JMP ESP instruction for execution.

Description

Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.

Exploits (1)

exploitdb WORKING POC

pythonlocalwindows

https://www.exploit-db.com/exploits/5498

View Code ZIP pw:eip

This Python script generates a malicious .ssa file that exploits a local buffer overflow in Kantaris 0.3.4 Media Player. It includes a bind shell payload (port 4444) and leverages a JMP ESP instruction for execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Kantaris Media Player 0.3.4

No auth needed

Prerequisites: Victim must open the malicious .ssa file in Kantaris Media Player

MITRE ATT&CK