CVE-2009-0546

NewsGator FeedDemon <2.7 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2009-0546. PoCs published by Metasploit, fl0 fl0w, cenjan, including Metasploit module exploits/windows/fileformat/feeddemon_opml.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in FeedDemon <= 3.1.0.12 via a maliciously crafted OPML file. It leverages SEH overwrites and alphanumeric mixed encoding to achieve arbitrary code execution.

Description

Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16640

This Metasploit module exploits a stack-based buffer overflow in FeedDemon <= 3.1.0.12 via a maliciously crafted OPML file. It leverages SEH overwrites and alphanumeric mixed encoding to achieve arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: FeedDemon <= 3.1.0.12
No auth needed
Prerequisites: Victim must open the malicious OPML file in FeedDemon
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by fl0 fl0w · clocalwindows
https://www.exploit-db.com/exploits/11379

This exploit targets a buffer overflow vulnerability in FeedDemon's OPML file parsing. It crafts a malicious OPML file with shellcode and a NOP sled to achieve remote code execution by overwriting the EIP with a return-to-ESP address.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: FeedDemon 3.1.0.9
No auth needed
Prerequisites: Victim must open the malicious OPML file in FeedDemon
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by cenjan · perllocalwindows
https://www.exploit-db.com/exploits/8010

This Perl script generates a malicious OPML file that exploits a buffer overflow vulnerability in FeedDemon 2.7.0.0. The exploit triggers a stack-based overflow via a crafted OPML file, leading to arbitrary code execution (calc.exe).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: FeedDemon 2.7.0.0
No auth needed
Prerequisites: Victim must import the malicious OPML file into FeedDemon
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Praveen Darshanam · perldoswindows
https://www.exploit-db.com/exploits/7995

This Perl script generates a malicious OPML file with an overly long 'text' tag to trigger a buffer overflow in FeedDemon 2.7.0.0, leading to a DoS condition. The PoC leverages the XML::OPML module to craft the exploit file.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: FeedDemon 2.7.0.0
No auth needed
Prerequisites: Perl environment with XML::OPML module installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by fl0 fl0w, dookie, jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/feeddemon_opml.rb

This Metasploit module exploits a stack buffer overflow in FeedDemon v3.1.0.12 via a crafted OPML file, achieving arbitrary code execution through SEH overwrite and alphanumeric shellcode.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: FeedDemon v3.1.0.12
No auth needed
Prerequisites: Victim must open the malicious OPML file in FeedDemon
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33718
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51753
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500686/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33630
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7995
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8010
Various Sources x_refsource_misc
http://security.bkis.vn/?p=329

Scores

EPSS 0.3651
EPSS Percentile 98.3%

Details

CWE
CWE-119
Status published
Products (5)
newsgator/feeddemon 2.0.0.24
newsgator/feeddemon 2.6
newsgator/feeddemon 2.6.1.4
newsgator/feeddemon 2.6.1.5
newsgator/feeddemon < 2.7
Published Feb 12, 2009
Tracked Since Feb 18, 2026