CVE-2008-1912

DivX Player <6.7.0.22 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-1912. PoCs published by lhoang8500, securfrog.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in DivX Player <=6.7 during SRT subtitle parsing. It uses a crafted SRT file with UTF8-encoded shellcode to trigger a stack-based overflow, leading to arbitrary code execution (e.g., launching Calculator).

Description

Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by lhoang8500 · c++ · local · windows
https://www.exploit-db.com/exploits/5492

This exploit targets a buffer overflow vulnerability in DivX Player <=6.7 during SRT subtitle parsing. It uses a crafted SRT file with UTF8-encoded shellcode to trigger a stack-based overflow, leading to arbitrary code execution (e.g., launching Calculator).

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DivX Player <=6.7
No auth needed
Prerequisites: Victim must open a maliciously crafted SRT file in DivX Player
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by securfrog · perl · dos · windows
https://www.exploit-db.com/exploits/5453

This exploit demonstrates a buffer overflow vulnerability in DIVX Player <= 6.7.0 by creating a malformed .SRT subtitle file with an overly long subtitle, leading to a crash with EIP overwrite.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: DIVX Player <= 6.7.0
No auth needed
Prerequisites: A target system with DIVX Player <= 6.7.0 installed · Ability to deliver a malformed .SRT file to the target
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29780
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1235/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28799
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490898/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019921
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5453
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5492

Scores

EPSS 0.2356
EPSS Percentile 96.1%

Details

CWE
CWE-119
Status published
Products (1)
divx/divx_player < 6.7
Published Apr 22, 2008
Tracked Since Feb 18, 2026