CVE-2018-11529

HIGH

Debian Linux < 2.2.8 - Use After Free

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-11529. PoCs published by Metasploit, Eugene Ng - GovTech, Winston Ho - GovTech, including Metasploit module exploits/windows/fileformat/vlc_mkv.

AI-analyzed exploit summary This Metasploit module exploits a use-after-free vulnerability in VLC Media Player <= 2.2.8 via malformed MKV files, achieving remote code execution through a crafted ROP chain and heap spray.

Description

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/45626

This Metasploit module exploits a use-after-free vulnerability in VLC Media Player <= 2.2.8 via malformed MKV files, achieving remote code execution through a crafted ROP chain and heap spray.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: VLC Media Player <= 2.2.8
No auth needed
Prerequisites: Victim must open a malicious MKV file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by Eugene Ng - GovTech, Winston Ho - GovTech · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/vlc_mkv.rb

This Metasploit module exploits a use-after-free vulnerability in VLC Media Player (CVE-2018-11529) by crafting malicious MKV files to achieve remote code execution. It includes ROP chains for both x86 and x64 architectures on Windows 10.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: VLC Media Player <= 2.2.8
No auth needed
Prerequisites: Victim must open a malicious MKV file in VLC
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041311
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jul/28
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45626/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4251

Scores

CVSS v3 8.0
EPSS 0.7382
EPSS Percentile 98.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (2)
debian/debian_linux 9.0
videolan/vlc_media_player < 2.2.8
Published Jul 11, 2018
Tracked Since Feb 18, 2026