# Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking
#
###########################
#
# Exploit Title: [Media Player Classic Memory Corruption]
# Date: [2014/04/22]
# Exploit Author: [Aryan Bayaninejad]
# Linkedin : https://www.linkedin.com/profile/view?id=276969082
# Vendor Homepage: [http://www.kmplayer.com/]
# Software Link: [http://www.softpedia.com/progDownload/KMPlayer-Download-26726.html]
# Version: [Version 3.8.0.122 and 3.8.0.123 ]
# Tested on: [Windows Xp Sp3 - 32bit & Windows 7 - 32bit & 64bit]
# CVE : [CVE-2014-2985]
#
###########################
details:
Untrusted search path vulnerability in Kmplayer latest version [3.8.0.123] when running on Windows 7, and XP, allows local
users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.