CVE-2008-2910

muvee autoProducer 6.0 and 6.1 - Buffer Overflow via DXTTextOutEffect ActiveX FontSetting Property

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2910. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in muvee Technologies Text-Effect DXT Filter (TextOut.dll v6.0.18.1) via the FontSetting property. It uses a heap spray technique to achieve remote code execution (RCE) by overflowing the buffer with a crafted payload.

Description

Buffer overflow in the DXTTextOutEffect ActiveX control (aka the Text-Effect DXT Filter), as distributed in TextOut.dll 6.0.18.1 and mvtextout.dll, in muvee autoProducer 6.0 and 6.1 allows remote attackers to execute arbitrary code via a long FontSetting property value.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Nine:Situations:Group · htmlremotewindows
https://www.exploit-db.com/exploits/5793

This exploit targets a buffer overflow vulnerability in muvee Technologies Text-Effect DXT Filter (TextOut.dll v6.0.18.1) via the FontSetting property. It uses a heap spray technique to achieve remote code execution (RCE) by overflowing the buffer with a crafted payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: muvee AutoProducer 6.0 / 6.1 (TextOut.dll v6.0.18.1)
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer · TextOut.dll must be registered and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43036
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29693
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5793
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30696

Scores

EPSS 0.0930
EPSS Percentile 94.7%

Details

CWE
CWE-119
Status published
Products (2)
muvee/autoproducer 6.0
muvee/autoproducer 6.1
Published Jun 30, 2008
Tracked Since Feb 18, 2026