CVE-2009-3536

EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 - Stack-Based Buffer Overflow via Long String in Playlist File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3536. PoCs published by hack4love.

AI-analyzed exploit summary This exploit is a local heap overflow PoC for EpicVJ 1.2.8.0, targeting the .mpl/.m3u file parser. It creates a malicious .m3u file with a large buffer of 'A' characters to trigger a crash.

Description

Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by hack4love · perldoswindows
https://www.exploit-db.com/exploits/9200

This exploit is a local heap overflow PoC for EpicVJ 1.2.8.0, targeting the .mpl/.m3u file parser. It creates a malicious .m3u file with a large buffer of 'A' characters to trigger a crash.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: EpicVJ 1.2.8.0
No auth needed
Prerequisites: Local access to the target system · Ability to create a .m3u file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35869
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51826
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9200
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1955

Scores

EPSS 0.0586
EPSS Percentile 92.2%

Details

CWE
CWE-119
Status published
Products (2)
epicdjsoftware/epicvj 1.2.8.0
epicdjsoftware/epicvj 1.3.1.2
Published Oct 02, 2009
Tracked Since Feb 18, 2026