CVE-2011-4496

Aviosoft DTV Player 1.0.1.2 - Buffer Overflow via Crafted PLF Playlist File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4496. PoCs published by modpr0be, sinn3r, including Metasploit module exploits/windows/fileformat/aviosoft_plf_buf.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Aviosoft Digital TV Player Professional 1.0 by crafting a malicious playlist file (.plf) that triggers arbitrary code execution via SEH overwrite and ROP chain.

Description

Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file.

Exploits (1)

metasploit WORKING POC GOOD

by modpr0be, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/aviosoft_plf_buf.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Aviosoft Digital TV Player Professional 1.0 by crafting a malicious playlist file (.plf) that triggers arbitrary code execution via SEH overwrite and ROP chain.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Aviosoft Digital TV Player Professional 1.0.1.2

No auth needed

Prerequisites: Victim must open a malicious .plf file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/998403

Scores

EPSS 0.1076

EPSS Percentile 95.3%

Details

CWE

CWE-119

Status published

Products (1)

aviosoft/dtv_player 1.0.1.2

Published Nov 21, 2011

Tracked Since Feb 18, 2026