CVE-2008-3733

EO Video 1.36 - Stack-Based Buffer Overflow via Long Name Element in ProjectElement

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-3733. PoCs published by His0k4, j0rgan.

AI-analyzed exploit summary This exploit targets a SEH overwrite vulnerability in EO Video v1.36 via a malformed playlist file. It uses a structured payload with a header, buffer overflow, SEH bypass, and shellcode to execute arbitrary commands (e.g., calc.exe).

Description

Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element.

Exploits (2)

exploitdb WORKING POC VERIFIED

by His0k4 · pythonlocalwindows

https://www.exploit-db.com/exploits/8176

View Code ZIP pw:eip

This exploit targets a SEH overwrite vulnerability in EO Video v1.36 via a malformed playlist file. It uses a structured payload with a header, buffer overflow, SEH bypass, and shellcode to execute arbitrary commands (e.g., calc.exe).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: EO Video v1.36

No auth needed

Prerequisites: Victim must open the malformed .eop file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by j0rgan · pythondoswindows

https://www.exploit-db.com/exploits/6253

View Code ZIP pw:eip

This exploit demonstrates a heap overflow vulnerability in EO Video v1.36 by crafting a malicious *.eop playlist file with an oversized <Name> buffer. The PoC triggers a crash (DoS) and may allow arbitrary code execution under certain conditions.