CVE-2008-5036

VLC media player 0.9.x - Stack-based Buffer Overflow via RealText Subtitle Parsing

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-5036. PoCs published by Metasploit, SkD, Tobias Klein, SkD, juan vazquez, including Metasploit module exploits/windows/fileformat/vlc_realtext.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in VLC Media Player < 0.9.6 via a malicious RealText subtitle file. It generates both an MP4 and an RT file to trigger the vulnerability, leading to arbitrary code execution.

Description

Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/18548

This exploit targets a stack buffer overflow in VLC Media Player < 0.9.6 via a malicious RealText subtitle file. It generates both an MP4 and an RT file to trigger the vulnerability, leading to arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC Media Player < 0.9.6
No auth needed
Prerequisites: Victim must open the malicious MP4 file with VLC Media Player < 0.9.6 · Malicious RT file must be in the same directory as the MP4 file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by SkD · perllocalwindows
https://www.exploit-db.com/exploits/7051

This exploit targets a stack-based buffer overflow in VLC Media Player < 0.9.6 via a maliciously crafted .RT file. It leverages a 'jmp esp' address in shell32.dll to execute a calc.exe payload via alphanumeric shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC Media Player < 0.9.6
No auth needed
Prerequisites: VLC Media Player < 0.9.6 on Windows XP SP3 · Ability to deliver a malicious .RT file to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by Tobias Klein, SkD, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/vlc_realtext.rb

This exploit targets a stack buffer overflow in VLC Media Player < 0.9.6 via a malicious RealText subtitle file. It generates both an MP4 and RT file to trigger the vulnerability, leading to arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC Media Player < 0.9.6
No auth needed
Prerequisites: Victim must open the malicious MP4 file with VLC Media Player < 0.9.6 · Malicious RT file must be in the same directory as the MP4 file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14
Core References
Various Sources x_refsource_confirm
http://www.videolan.org/security/sa0810.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46376
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/11/05/4
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498111/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7051
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/11/05/5
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/11/10/13
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32569
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33315
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32125
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200812-24.xml

Scores

EPSS 0.4144
EPSS Percentile 98.5%

Details

CWE
CWE-119
Status published
Products (7)
videolan/vlc_media_player 0.9
videolan/vlc_media_player 0.9.0
videolan/vlc_media_player 0.9.1
videolan/vlc_media_player 0.9.2
videolan/vlc_media_player 0.9.3
videolan/vlc_media_player 0.9.4
videolan/vlc_media_player 0.9.5
Published Nov 10, 2008
Tracked Since Feb 18, 2026