CVE-2018-9128

HIGH

DVD X Player Standard 5.5.3.9 - Buffer Overflow via Crafted PLF File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-9128. PoCs published by Paolo Perego, Prasenjit Kanti Paul.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in DVD X Player 5.5.3.8, leveraging a crafted playlist file to execute a reverse shell payload. The shellcode avoids bad characters and uses a backward jump to bypass SEH restrictions.

Description

DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068.

Exploits (2)

exploitdb WORKING POC
by Paolo Perego · pythonlocalwindows
https://www.exploit-db.com/exploits/46584

This exploit targets a buffer overflow vulnerability in DVD X Player 5.5.3.8, leveraging a crafted playlist file to execute a reverse shell payload. The shellcode avoids bad characters and uses a backward jump to bypass SEH restrictions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: DVD X Player 5.5.3.8
No auth needed
Prerequisites: Victim must open the malicious playlist file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Prasenjit Kanti Paul · textlocalwindows_x86
https://www.exploit-db.com/exploits/44438

This exploit leverages a SEH-based buffer overflow in DVD X Player Standard 5.5.3.9 to achieve remote code execution via a crafted .plf file. The payload is a shell_bind_tcp shellcode generated by msfvenom, targeting Windows XP SP3 x86.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: DVD X Player Standard 5.5.3.9
No auth needed
Prerequisites: Victim must open the malicious .plf file with DVD X Player Standard 5.5.3.9
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44438/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46584/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/152177/DVD-X-Player-5.5.3-Buffer-Overflow.html

Scores

CVSS v3 7.8
EPSS 0.0488
EPSS Percentile 90.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
dvd-x-player/dvd_x_player 5.5.3.9
Published Apr 01, 2018
Tracked Since Feb 18, 2026