Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking

2014-04-28 / 2014-05-05

Credit: Aryan Bayaninejad

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2014-2985

CWE: N/A

# Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking
#
###########################
#
# Exploit Title: [Media Player Classic Memory Corruption]
# Date: [2014/04/22]
# Exploit Author: [Aryan Bayaninejad]
# Linkedin : https://www.linkedin.com/profile/view?id=276969082
# Vendor Homepage: [http://www.kmplayer.com/]
# Software Link: [http://www.softpedia.com/progDownload/KMPlayer-Download-26726.html]
# Version: [Version 3.8.0.122 and 3.8.0.123 ]
# Tested on: [Windows Xp Sp3 - 32bit & Windows 7 - 32bit & 64bit]
# CVE : [CVE-2014-2985]
#
###########################
details:
Untrusted search path vulnerability in Kmplayer latest version [3.8.0.123] when running on Windows 7, and XP, allows local
users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.