CVE-2009-1437

CoolPlayer Portable < 2.19.6 - Stack-based Buffer Overflow via Malformed Playlist File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2009-1437. PoCs published by His0k4, Stack, GoLd_M.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in CoolPlayer Portable via a maliciously crafted M3U file. It leverages a SEH overwrite with a calc.exe payload encoded using Metasploit's PexFnstenvSub encoder.

Description

Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and earlier allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: this may overlap CVE-2008-3408.

Exploits (4)

exploitdb WORKING POC VERIFIED
by His0k4 · pythonlocalwindows
https://www.exploit-db.com/exploits/8520

This exploit targets a buffer overflow vulnerability in CoolPlayer Portable via a maliciously crafted M3U file. It leverages a SEH overwrite with a calc.exe payload encoded using Metasploit's PexFnstenvSub encoder.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CoolPlayer Portable (version not specified)
No auth needed
Prerequisites: Victim must open the malicious M3U file in CoolPlayer Portable
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Stack · perllocalwindows
https://www.exploit-db.com/exploits/8519

This exploit targets a buffer overflow vulnerability in CoolPlayer Portable 2.19.1 via a maliciously crafted M3U file. It overwrites the EIP with a JMP ESP address from ntdll.dll and executes a calc.exe payload using alphanumeric shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CoolPlayer Portable 2.19.1
No auth needed
Prerequisites: Victim must open the malicious M3U file in CoolPlayer Portable 2.19.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by GoLd_M · perldoswindows
https://www.exploit-db.com/exploits/8489

This exploit generates a malicious .M3U file with a long string of 'A' characters to trigger a local stack overflow in CoolPlayer Portable 2.19.1. The PoC demonstrates the vulnerability but does not include a payload for remote code execution.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: CoolPlayer Portable 2.19.1
No auth needed
Prerequisites: Ability to deliver a malicious .M3U file to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 3 stars
by HanseSecure · poc
https://github.com/HanseSecure/CVE-2009-1437

This repository contains a functional exploit for CVE-2009-1437, targeting CoolPlayer+ <= 2.19.6. The exploit leverages a buffer overflow vulnerability to achieve remote code execution via a crafted .m3u file.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CoolPlayer+ <= 2.19.6
No auth needed
Prerequisites: Access to the target's file system or ability to serve a malicious .m3u file
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49984
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8489
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8519
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34816
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8520
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/53885
Various Sources x_refsource_misc
https://hansesecure.de/vulnerability-in-coolplayer/

Scores

EPSS 0.1399
EPSS Percentile 96.1%

Details

CWE
CWE-119
Status published
Products (1)
coolplayer/coolplayer 2.19.1
Published Apr 27, 2009
Tracked Since Feb 18, 2026