CVE-2009-1646

Mini-stream RM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long RTSP URL


Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1646. PoCs published by G4N0K, TUNISIAN CYBER.

AI-analyzed exploit summary: This exploit targets a local buffer overflow in RM Downloader 3.0.0.9 by crafting a malicious .RAM file with an oversized RTSP URL and embedded shellcode to execute arbitrary commands (e.g., calc.exe).

Description

Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file.

Exploits (2)

exploitdb WORKING POC VERIFIED
by G4N0K · perl · local · windows
https://www.exploit-db.com/exploits/8628

This exploit targets a local buffer overflow in RM Downloader 3.0.0.9 by crafting a malicious .RAM file with an oversized RTSP URL and embedded shellcode to execute arbitrary commands (e.g., calc.exe).

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: RM Downloader 3.0.0.9
No auth needed
Prerequisites: Victim must open the malicious .RAM file with RM Downloader
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by TUNISIAN CYBER · python · local · windows
https://www.exploit-db.com/exploits/36502

This exploit targets a local buffer overflow in RM Downloader v2.7.5.400 by overwriting the EIP with a specific address and executing a shellcode payload. The payload is a MessageBox shellcode designed to work on any Windows version.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: RM Downloader v2.7.5.400
No auth needed
Prerequisites: Local access to the target system · RM Downloader v2.7.5.400 installed
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34860
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8628

Scores

EPSS 0.0506
EPSS Percentile 91.2%

Details

CWE: CWE-119
Status: published
Products (1)
mini-stream/mini-stream_rm_downloader 3.0.0.9
Published May 15, 2009
Tracked Since Feb 18, 2026