CVE-2011-1574

libmodplug <0.8.8.2 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-1574. PoCs were published by Metasploit and jduck, including the Metasploit module exploits/windows/fileformat/vlc_modplug_s3m.

AI-analyzed exploit summary: This Metasploit module exploits a stack buffer overflow in libmod_plugin (CVE-2011-1574) by crafting a malicious S3M file to achieve remote code execution on VLC 1.1.8. It bypasses DEP via ROP but not ASLR.

Description

Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17252

This Metasploit module exploits a stack buffer overflow in libmod_plugin (CVE-2011-1574) by crafting a malicious S3M file to achieve remote code execution on VLC 1.1.8. It bypasses DEP via ROP but not ASLR.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: VideoLAN VLC 1.1.8
No auth needed
Prerequisites: VLC 1.1.8 or prior on Windows XP SP3 · User interaction to open malicious S3M file
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
by jduck · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/vlc_modplug_s3m.rb

This Metasploit module exploits a stack buffer overflow in VLC's libmod_plugin (CVE-2011-1574) via a malicious S3M file, achieving remote code execution on Windows XP SP3. It uses ROP to bypass DEP and includes a mutex to prevent double payload execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: VideoLAN VLC 1.1.8 (libmod_plugin.dll)
No auth needed
Prerequisites: Target must open the malicious S3M file in VLC 1.1.8 on Windows XP SP3
devstral-2 · analyzed Feb 16, 2026

References (15)

Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://www.ubuntu.com/usn/USN-1148-1/
Exploit, Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/04/11/13
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44870
Exploit, Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/04/11/6
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=695420
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025480
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48434
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2226
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8243
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2011-0477.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:085

Scores

EPSS 0.4294
EPSS Percentile 98.6%

Details

CWE CWE-119
Status published
Products (7)
konstanty_bialkowski/libmodplug 0.8
konstanty_bialkowski/libmodplug 0.8.4
konstanty_bialkowski/libmodplug 0.8.5
konstanty_bialkowski/libmodplug 0.8.6
konstanty_bialkowski/libmodplug 0.8.7
konstanty_bialkowski/libmodplug 0.8.8
konstanty_bialkowski/libmodplug < 0.8.8.1
Published May 09, 2011
Tracked Since Feb 18, 2026