CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2023-1745 – KMPlayer SHFOLDER.dll uncontrolled search path
https://notcve.org/view.php?id=CVE-2023-1745
A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc https://vuldb.com/?ctiid.224633 https://vuldb.com/?id.224633 https://youtu.be/7bh2BQOqxFo • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17259
https://notcve.org/view.php?id=CVE-2019-17259
KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee. KMPlayer versión 4.2.2.31, permite un User Mode Write AV que inicia en utils!src_new+0x000000000014d6ee. • http://www.kmplayer.com https://github.com/linhlhq/research/blob/master/README.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9133 – KMPlayer Subtitles parser Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-9133
When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. Al procesar archivos multimedia en formato de subtítulos, KMPlayer versión 2018.12.24.14 o anterior, no comprueba el tamaño del objeto correctamente, lo que conduce al subdesbordamiento de enteros y luego la lectura/escritura de la memoria fuera del limite. Un atacante puede explotar este problema induciendo a un usuario desprevenido para abrir un archivo malicioso. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4D55BLGBNWNIMNI5N57WDPAFQCUIM6XX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT5HBIKH64YRZFFAPXGOTHIQJHSTQJF7 https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991 • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5200 – KMPlayer Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-5200
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution. KMPlayer, en versiones 4.2.2.15 y anteriores, tiene una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap). • https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30113 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-16952 – KMPlayer 4.2.2.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2017-16952
KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file. KMPlayer 4.2.2.4 permite que atacantes remotos provoquen una denegación de servicio mediante un archivo NSV manipulado. • https://www.exploit-db.com/exploits/43185 • CWE-20: Improper Input Validation •