CVE-2008-0619

Nero MediaPlayer < 1.4.0.35 - Remote Code Execution via Long URI in M3U File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0619. PoCs published by securfrog.

AI-analyzed exploit summary This exploit triggers a remote buffer overflow in Nero Media Player by creating a malicious .M3U file with an overly long HTTP URL. The crash occurs when the player processes the file, leading to an access violation.

Description

Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by securfrog · perldoswindows

https://www.exploit-db.com/exploits/5063

View Code ZIP pw:eip

This exploit triggers a remote buffer overflow in Nero Media Player by creating a malicious .M3U file with an overly long HTTP URL. The crash occurs when the player processes the file, leading to an access violation.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Nero Media Player <= 1.4.0.35b

No auth needed

Prerequisites: Ability to deliver a malicious .M3U file to the target

MITRE ATT&CK