CVE-2009-3812

OtsAV DJ, Radio, and TV 1.85.64.0 - Heap-Based Buffer Overflow via Long Playlist in OFL File

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3812. PoCs published by Stack, hack4love.

AI-analyzed exploit summary This exploit demonstrates a local heap overflow vulnerability in OtsAv DJ, TV, and Radio software by creating a malicious .olf playlist file with an excessive number of 'A' or 'E' characters, leading to potential arbitrary code execution.

Description

Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Stack · textdoswindows

https://www.exploit-db.com/exploits/9113

View Code ZIP pw:eip

This exploit demonstrates a local heap overflow vulnerability in OtsAv DJ, TV, and Radio software by creating a malicious .olf playlist file with an excessive number of 'A' or 'E' characters, leading to potential arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: OtsAv DJ, TV, and Radio (versions unspecified)

No auth needed

Prerequisites: Local access to the target system · Ability to create and import a malicious .olf playlist file

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by hack4love · perldoswindows

https://www.exploit-db.com/exploits/9090

View Code ZIP pw:eip

This exploit is a local heap overflow PoC for otsAV DJ 1.85.064, which crashes the application by writing a large buffer of 'A' characters to a .ofl file. It demonstrates a DoS condition via a trivial buffer overflow.