CVE-2008-6583

BS.player 2.27 build 959 - Buffer Overflow via Long String in .SRT File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6583. PoCs published by j0rgan.

AI-analyzed exploit summary This exploit generates a maliciously crafted SRT subtitle file with an oversized buffer (80,000 'A' characters) to trigger a buffer overflow in BS.Player 2.27 Build 959. The vulnerability is exploited when the user opens the subtitle file with the player.

Description

Buffer overflow in BS.player 2.27 build 959 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .SRT file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by j0rgan · pythondoswindows

https://www.exploit-db.com/exploits/5455

View Code ZIP pw:eip

This exploit generates a maliciously crafted SRT subtitle file with an oversized buffer (80,000 'A' characters) to trigger a buffer overflow in BS.Player 2.27 Build 959. The vulnerability is exploited when the user opens the subtitle file with the player.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: BS.Player 2.27 Build 959

No auth needed

Prerequisites: User interaction to open the malicious SRT file in BS.Player

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/28811

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5455

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/41841

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1243/references

Scores

EPSS 0.0704

EPSS Percentile 93.4%

Details

CWE

CWE-119

Status published

Products (1)

bsplayer/bs.player 2.27

Published Apr 03, 2009

Tracked Since Feb 18, 2026