CVE-2009-3967

Ed Charkow SuperCharged Linking - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3967. PoCs published by rgod.

AI-analyzed exploit summary This is a buffer overflow PoC targeting the GDivX Zenith Player AviFixer Class (fix.dll v. 1.0.0.1) via a crafted HTML file. It exploits a vulnerability in Internet Explorer 6 on Windows XP SP2 by overflowing a buffer with a long string, potentially allowing arbitrary code execution.

Description

SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · htmldoswindows
https://www.exploit-db.com/exploits/9480

This is a buffer overflow PoC targeting the GDivX Zenith Player AviFixer Class (fix.dll v. 1.0.0.1) via a crafted HTML file. It exploits a vulnerability in Internet Explorer 6 on Windows XP SP2 by overflowing a buffer with a long string, potentially allowing arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: GDivX Zenith Player AviFixer Class (fix.dll v. 1.0.0.1) on Internet Explorer 6
No auth needed
Prerequisites: Internet Explorer 6 on Windows XP SP2 · GDivX Zenith Player with vulnerable fix.dll
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36450
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52693
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9480

Scores

EPSS 0.0101
EPSS Percentile 58.6%

Details

CWE
CWE-89
Status published
Products (1)
ed_charkow/supercharged_linking
Published Nov 18, 2009
Tracked Since Feb 18, 2026