CVE-2011-5052

CoCSoft Stream Down 6.8.0 - Stack-Based Buffer Overflow via Long Download Response

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-5052. PoCs published by Fady Mohammed Osman, including Metasploit module exploits/windows/misc/stream_down_bof.

AI-analyzed exploit summary This is a Metasploit module exploiting a buffer overflow in StreamDown. It uses SEH overwrite with a hardcoded address (0x10019448) and a NOP sled to execute a reverse shell payload. Tested on Windows XP SP3 and Windows 7 SP1.

Description

Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Fady Mohammed Osman · rubyremotewindows

https://www.exploit-db.com/exploits/18283

View Code ZIP pw:eip

This is a Metasploit module exploiting a buffer overflow in StreamDown. It uses SEH overwrite with a hardcoded address (0x10019448) and a NOP sled to execute a reverse shell payload. Tested on Windows XP SP3 and Windows 7 SP1.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: StreamDown (version unspecified)

No auth needed

Prerequisites: Network access to target · Target running vulnerable StreamDown software

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GOOD

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/stream_down_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a SEH-based buffer overflow in CoCSoft StreamDown 6.8.0 by sending a crafted HTTP response to trigger memory corruption and execute arbitrary code. The exploit leverages a known return address in DownloadMng.dll to bypass SEH protections.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CoCSoft StreamDown 6.8.0

No auth needed

Prerequisites: Target must be running CoCSoft StreamDown 6.8.0 · Target must send an HTTP request to the attacker-controlled server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18283

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/47343

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/78043

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/72009

Scores

EPSS 0.3007

EPSS Percentile 98.0%

Details

CWE

CWE-119

Status published

Products (1)

cocsoft/stream_down 6.8

Published Jan 04, 2012

Tracked Since Feb 18, 2026