Km Player Crash PoC - Remote Crash Exploit

2017-03-20 / 2017-03-21
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

########################################################## # Title : Km Player Crash PoC - Remote Crash Exploit # Author : Ashiyane Digital Security Team # Product : Android Application. # Vendor : www.kmplayer.com # Download: http://www.kmplayer.com/mobile # Test On : Huawei CHM-U01 And Android ver 4.4.2 And # Date : 2017 20 March ############################################### # Contact Us : Twitter.com/ShakeriHassan - Fb.com/General.BlackHat - Me@Seravo.ir # Website : Ashiyane.org ############################################### java.lang.NullPointerException at com.kmplayer.view.FileListFragment.getMediaByItem(FileListFragment.java:278) at com.kmplayer.view.FileListFragment$13.onItemClick(FileListFragment.java:559) at android.widget.AdapterView.performItemClick(AdapterView.java:302) at android.widget.AbsListView.performItemClick(AbsListView.java:1146) at android.widget.AbsListView$PerformClick.run(AbsListView.java:2952) at android.widget.AbsListView$3.run(AbsListView.java:3724) at android.os.Handler.handleCallback(Handler.java:733) at android.os.Handler.dispatchMessage(Handler.java:95) at android.os.Looper.loop(Looper.java:136) at android.app.ActivityThread.main(ActivityThread.java:5291) at java.lang.reflect.Method.invokeNative(Native Method) at java.lang.reflect.Method.invoke(Method.java:515) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:849) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:665) at dalvik.system.NativeStart.main(Native Method) at Android.MODEL(CHM-U01) at Android.VERSION(4.4.2) at Android.FINGERPRINT(Honor/CHM-U01/hwCHM-H:4.4.2/HonorCHM-U01/C185B120:user/ota-rel-keys,release-keys) ############################################### # Hassan Shakeri ##########################################################

References:

http://www.kmplayer.com/mobile
http://twitter.com/ShakeriHassan


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top