Km Player Crash PoC - Remote Crash Exploit

Published / (Updated)
Credit
Risk
2017-03-20 / 2017-03-21
Ashiyane Digital Security Team
Low
CWE
CVE
Local
Remote
N/A
N/A
No
Yes

##########################################################
# Title : Km Player Crash PoC - Remote Crash Exploit
# Author : Ashiyane Digital Security Team
# Product : Android Application.
# Vendor : www.kmplayer.com
# Download: http://www.kmplayer.com/mobile
# Test On : Huawei CHM-U01 And Android ver 4.4.2 And
# Date : 2017 20 March
###############################################
# Contact Us : Twitter.com/ShakeriHassan - Fb.com/General.BlackHat - Me@Seravo.ir
# Website : Ashiyane.org
###############################################
java.lang.NullPointerException
at com.kmplayer.view.FileListFragment.getMediaByItem(FileListFragment.java:278)
at com.kmplayer.view.FileListFragment$13.onItemClick(FileListFragment.java:559)
at android.widget.AdapterView.performItemClick(AdapterView.java:302)
at android.widget.AbsListView.performItemClick(AbsListView.java:1146)
at android.widget.AbsListView$PerformClick.run(AbsListView.java:2952)
at android.widget.AbsListView$3.run(AbsListView.java:3724)
at android.os.Handler.handleCallback(Handler.java:733)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:136)
at android.app.ActivityThread.main(ActivityThread.java:5291)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:849)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:665)
at dalvik.system.NativeStart.main(Native Method)
at Android.MODEL(CHM-U01)
at Android.VERSION(4.4.2)
at Android.FINGERPRINT(Honor/CHM-U01/hwCHM-H:4.4.2/HonorCHM-U01/C185B120:user/ota-rel-keys,release-keys)
###############################################
# Hassan Shakeri
##########################################################

References:

http://www.kmplayer.com/mobile
http://twitter.com/ShakeriHassan


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com