CVE-2009-1641

Mini-stream Ripper 3.0.1.1 - Remote Code Execution via Long RTSP URL or HREF Attribute

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-1641. PoCs published by G4N0K, including Metasploit module exploits/windows/fileformat/shadow_stream_recorder_bof.

AI-analyzed exploit summary This Perl script exploits a local buffer overflow in Mini-stream Ripper 3.0.1.1 by crafting a malicious .RAM file with an overly long RTSP URL, followed by a NOP sled, return address, and shellcode to execute arbitrary commands (e.g., calc.exe).

Description

Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.

Exploits (3)

exploitdb WORKING POC VERIFIED
by G4N0K · perllocalwindows
https://www.exploit-db.com/exploits/8631

This Perl script exploits a local buffer overflow in Mini-stream Ripper 3.0.1.1 by crafting a malicious .RAM file with an overly long RTSP URL, followed by a NOP sled, return address, and shellcode to execute arbitrary commands (e.g., calc.exe).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mini-stream Ripper 3.0.1.1
No auth needed
Prerequisites: Victim must open the malicious .RAM file in Mini-stream Ripper
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by G4N0K · perllocalwindows
https://www.exploit-db.com/exploits/8632

This Perl script generates a malicious .ASX file that exploits a local buffer overflow vulnerability in Mini-stream Ripper 3.0.1.1 via an overly long HREF attribute. It includes a Metasploit-generated shellcode payload to execute arbitrary commands (e.g., calc.exe).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Mini-stream Ripper 3.0.1.1
No auth needed
Prerequisites: Victim must open the malicious .ASX file with Mini-stream Ripper 3.0.1.1
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/shadow_stream_recorder_bof.rb

This Metasploit module exploits a buffer overflow in Shadow Stream Recorder 3.0.1.7 by crafting a malicious ASX file. The exploit triggers arbitrary code execution when the victim opens the file, leveraging a known vulnerable DLL return address.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Shadow Stream Recorder 3.0.1.7
No auth needed
Prerequisites: Victim must open the malicious ASX file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34864
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34860
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8632
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8631
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50375

Scores

EPSS 0.3092
EPSS Percentile 98.0%

Details

CWE
CWE-119
Status published
Products (1)
mini-stream/ripper 3.0.1.1
Published May 15, 2009
Tracked Since Feb 18, 2026