CVE-2009-1370

Xilisoft Video Converter - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .cue file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by fl0 fl0w · c++doswindows

https://www.exploit-db.com/exploits/8390

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/34660

[Exploit] http://www.securityfocus.com/bid/34472

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/49807

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8390

Scores

EPSS 0.2412

EPSS Percentile 96.1%

Details

CWE

CWE-119

Status published

Products (2)

xilisoft/xilisoft_video_converter 3.1.53

xilisoft/xilisoft_video_converter 5.1.23

Published Apr 22, 2009

Tracked Since Feb 18, 2026