CVE-2008-5735

CoolPlayer 2.17-2.19 - Stack-based Buffer Overflow via PlaylistSkin in Skin File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-5735. PoCs published by Encrypt3d.M!nd, r0ut3r.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in CoolPlayer (Skin) by crafting a malicious .ini file with a long string to overwrite the EIP and execute shellcode. It includes a Metasploit-generated alphanumeric shellcode for adding a user.

Description

Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Encrypt3d.M!nd · pythonlocalwindows
https://www.exploit-db.com/exploits/7547

This exploit targets a buffer overflow vulnerability in CoolPlayer (Skin) by crafting a malicious .ini file with a long string to overwrite the EIP and execute shellcode. It includes a Metasploit-generated alphanumeric shellcode for adding a user.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CoolPlayer versions 2.17, 2.18, 2.19
No auth needed
Prerequisites: Victim must open the malicious .ini file with CoolPlayer
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by r0ut3r · c++localwindows
https://www.exploit-db.com/exploits/7536

This exploit targets a local buffer overflow in CoolPlayer 2.19 via a maliciously crafted skin file. It overwrites the EIP with a JMP ESP instruction and executes shellcode to spawn calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CoolPlayer 2.19
No auth needed
Prerequisites: Victim must open the maliciously crafted skin file in CoolPlayer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499480/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7536
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32947
Vendor Advisory x_refsource_misc
http://www.bmgsec.com.au/advisory/43/
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4813
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47527
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7547

Scores

EPSS 0.3091
EPSS Percentile 96.9%

Details

CWE
CWE-119
Status published
Products (3)
coolplayer/coolplayer 2.17
coolplayer/coolplayer 2.18
coolplayer/coolplayer 2.19
Published Dec 26, 2008
Tracked Since Feb 18, 2026