CVE-2008-4664

QVOD Player - Heap-Based Buffer Overflow via URL Property

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4664. PoCs published by anonymous.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Qvod Player's ActiveX control (QvodInsert.dll) by leveraging heap spraying and shellcode execution. It attempts to execute arbitrary code in the context of Internet Explorer by overflowing a buffer with a crafted string.

Description

Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · htmlremotewindows

https://www.exploit-db.com/exploits/31023

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Qvod Player's ActiveX control (QvodInsert.dll) by leveraging heap spraying and shellcode execution. It attempts to execute arbitrary code in the context of Internet Explorer by overflowing a buffer with a crafted string.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Qvod Player versions prior to 2.1.5 build 0053

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX controls must be enabled in the browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27271

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28494

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39675

Various Sources x_refsource_misc

http://hi.baidu.com/muma_reader/blog/item/46bd0d7a04eb75e92f73b36e.html

Scores

EPSS 0.0629

EPSS Percentile 92.7%

Details

CWE

CWE-119

Status published

Products (3)

qvod/qvod_player 1.0.1

qvod/qvod_player 2.0.1

qvod/qvod_player 2.5.1

Published Oct 22, 2008

Tracked Since Feb 18, 2026