CVE-2010-0356

Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow via DrawText strFontName Parameter


Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-0356. PoCs have been published by Metasploit and shinnai, including the Metasploit module exploits/windows/browser/viscom_movieplayer_drawtext.

AI-analyzed exploit summary: This is a Metasploit module exploiting a stack-based buffer overflow in Viscom Software Movie Player Pro SDK ActiveX 6.8 via a long strFontName parameter to the DrawText method. It includes DEP and ASLR bypass techniques for IE8 with Java support.

Description

Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/18134

This is a Metasploit module exploiting a stack-based buffer overflow in Viscom Software Movie Player Pro SDK ActiveX 6.8 via a long strFontName parameter to the DrawText method. It includes DEP and ASLR bypass techniques for IE8 with Java support.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Viscom Software Movie Player Pro SDK ActiveX 6.8
No auth needed
Prerequisites: Victim must trust the publisher Viscom Software · Target must have the vulnerable ActiveX control installed · Java support for DEP/ASLR bypass on IE8
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by shinnai · text · remote · windows
https://www.exploit-db.com/exploits/12320

This exploit demonstrates a stack-based buffer overflow in Viscom Software Movie Player Pro SDK ActiveX 6.8 via the 'DrawText' method's 'strFontName' parameter. It overwrites EIP with a hardcoded address and includes shellcode for arbitrary code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Viscom Software Movie Player Pro SDK ActiveX 6.8.0.0
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled in the browser
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by shinnai · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb

This Metasploit module exploits a stack-based buffer overflow in the Viscom Software Movie Player Pro SDK ActiveX control via the DrawText method. It includes ROP chains to bypass DEP and ASLR on various Windows versions with Java support.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Viscom Software Movie Player Pro SDK ActiveX 6.8
No auth needed
Prerequisites: Victim must trust the publisher Viscom Software · Target must have the vulnerable ActiveX control installed
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Exploit, URL Repurposed x_refsource_misc
http://www.shinnai.net/exploits/X6hU4E0E7P5H3qH5yXrn.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55536
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0093
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38156

Scores

EPSS 0.3016
EPSS Percentile 98.0%

Details

CWE: CWE-119
Status: published
Products (1): viscomsoft/movie_player_pro_sdk_activex 6.8
Published: Jan 18, 2010
Tracked Since: Feb 18, 2026