CVE-2008-1044

Move Media Player - Stack-based Buffer Overflow via Quantum Streaming Player ActiveX UploadLogs Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1044. PoCs published by Elazar.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the Move Networks Quantum Streaming Player Control (QSP2IE) via the UploadLogs() method. It uses a heap spray technique to achieve remote code execution by overflowing a buffer with a large string and embedding shellcode.

Description

Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Media Player allows remote attackers to execute arbitrary code via a long argument to the UploadLogs method, a different vector than CVE-2007-4722. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Elazar · htmlremotewindows

https://www.exploit-db.com/exploits/5190

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the Move Networks Quantum Streaming Player Control (QSP2IE) via the UploadLogs() method. It uses a heap spray technique to achieve remote code execution by overflowing a buffer with a large string and embedding shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Move Networks Quantum Streaming Player Control (QSP2IE) version 7.7.4.39

No auth needed

Prerequisites: Victim must be using Internet Explorer with the vulnerable ActiveX control installed · JavaScript must be enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27995

Mailing List mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060460.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0684

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29108

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5190

Scores

EPSS 0.0484

EPSS Percentile 90.9%

Details

CWE

CWE-119

Status published

Products (3)

move_networks_inc/move_media_player

move_networks_inc/qunatum_streaming_player 7.7.4_39

move_networks_inc/qunatum_streaming_player 7.7.6.7

Published Feb 27, 2008

Tracked Since Feb 18, 2026