EIP-2026-115522

PRE-CVE

KMPlayer 3.9.x - '.srt' Crash (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115522. PoCs published by Peyman Motevalli Manesh.

AI-analyzed exploit summary This Perl script generates a malformed SRT subtitle file that triggers a crash in KMPlayer 3.9.x due to a buffer overflow vulnerability. The PoC creates a large payload with repeated characters to exploit the vulnerability when the subtitle is loaded.

Description

KMPlayer 3.9.x - '.srt' Crash (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Peyman Motevalli Manesh · perldoswindows

https://www.exploit-db.com/exploits/37717

View Code ZIP pw:eip

This Perl script generates a malformed SRT subtitle file that triggers a crash in KMPlayer 3.9.x due to a buffer overflow vulnerability. The PoC creates a large payload with repeated characters to exploit the vulnerability when the subtitle is loaded.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: KMPlayer 3.9.x

No auth needed

Prerequisites: KMPlayer 3.9.x installed on the target system · Ability to load a malicious SRT subtitle file

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026