CVE-2009-1667

Mini-stream CastRipper 2.50.70 - Stack-based Buffer Overflow via Long Entry in .m3u File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2009-1667. PoCs published by bibi-info, Super Cristal, Stack.

AI-analyzed exploit summary This exploit leverages a stack-based buffer overflow in CastRipper 2.50.70 via a maliciously crafted .M3U file to achieve arbitrary code execution (calc.exe) on Windows XP SP2. The payload uses a Metasploit-generated alphanumeric shellcode and overwrites the return address with a kernel32.dll address.

Description

Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.

Exploits (4)

exploitdb WORKING POC VERIFIED
by bibi-info · clocalwindows
https://www.exploit-db.com/exploits/10646

This exploit leverages a stack-based buffer overflow in CastRipper 2.50.70 via a maliciously crafted .M3U file to achieve arbitrary code execution (calc.exe) on Windows XP SP2. The payload uses a Metasploit-generated alphanumeric shellcode and overwrites the return address with a kernel32.dll address.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CastRipper 2.50.70
No auth needed
Prerequisites: Victim must open the malicious .M3U file in CastRipper
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Super Cristal · pythonlocalwindows
https://www.exploit-db.com/exploits/8662

This exploit targets a stack overflow vulnerability in CastRipper 2.50.70 via a maliciously crafted .m3u file. It uses a universal JMP ESP address and alpha-numeric shellcode to execute arbitrary code (e.g., calc.exe).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CastRipper 2.50.70
No auth needed
Prerequisites: Victim must open the malicious .m3u file in CastRipper
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Stack · perllocalwindows
https://www.exploit-db.com/exploits/8661

This exploit targets a stack overflow vulnerability in CastRipper 2.50.70 via a maliciously crafted .m3u file. It uses a universal return address (jmp esp) and shellcode to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CastRipper 2.50.70
No auth needed
Prerequisites: Victim must open the malicious .m3u file in CastRipper
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by [0]x80->[H]4x²0r · perllocalwindows
https://www.exploit-db.com/exploits/8660

This exploit targets a local buffer overflow vulnerability in CastRipper 2.50.70 via a maliciously crafted .m3u file. It overwrites the EIP with a JMP ESP address from Kernel32.dll and executes a Metasploit-generated shellcode to spawn calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CastRipper 2.50.70
No auth needed
Prerequisites: Victim must open the malicious .m3u file in CastRipper
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8661
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8660
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8662

Scores

EPSS 0.2140
EPSS Percentile 97.3%

Details

CWE
CWE-119
Status published
Products (1)
mini-stream/castripper 2.50.70
Published May 18, 2009
Tracked Since Feb 18, 2026