EIP-2026-115499

PRE-CVE

Karafun Player 1.20.86 - '.m3u' Crash (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115499. PoCs published by Styxosaurus.

AI-analyzed exploit summary This exploit generates a malformed .m3u file with a large buffer of 'A' characters to trigger a denial-of-service condition in Karafun Player V1.20.86 when the file is loaded and the application is closed. The crash occurs due to improper handling of the crafted file.

Description

Karafun Player 1.20.86 - '.m3u' Crash (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Styxosaurus · perldoswindows

https://www.exploit-db.com/exploits/19184

View Code ZIP pw:eip

This exploit generates a malformed .m3u file with a large buffer of 'A' characters to trigger a denial-of-service condition in Karafun Player V1.20.86 when the file is loaded and the application is closed. The crash occurs due to improper handling of the crafted file.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Karafun Player V1.20.86

No auth needed

Prerequisites: Ability to deliver the crafted .m3u file to the target system

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026