Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking

2014-04-28 / 2014-05-05
Risk: Medium
Local: Yes
Remote: No
CWE: N/A

# Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking # ########################### # # Exploit Title: [Media Player Classic Memory Corruption] # Date: [2014/04/22] # Exploit Author: [Aryan Bayaninejad] # Linkedin : https://www.linkedin.com/profile/view?id=276969082 # Vendor Homepage: [http://www.kmplayer.com/] # Software Link: [http://www.softpedia.com/progDownload/KMPlayer-Download-26726.html] # Version: [Version 3.8.0.122 and 3.8.0.123 ] # Tested on: [Windows Xp Sp3 - 32bit & Windows 7 - 32bit & 64bit] # CVE : [CVE-2014-2985] # ########################### details: Untrusted search path vulnerability in Kmplayer latest version [3.8.0.123] when running on Windows 7, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top