
CVE-2023-1745 – KMPlayer SHFOLDER.dll uncontrolled search path
https://notcve.org/view.php?id=CVE-2023-1745
30 Mar 2023 — A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view • CWE-427: Uncontrolled Search Path Element

CVE-2019-17259
https://notcve.org/view.php?id=CVE-2019-17259
08 Oct 2019 — KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee. • http://www.kmplayer.com • CWE-787: Out-of-bounds Write

CVE-2019-9133 – KMPlayer Subtitles parser Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-9133
09 Apr 2019 — When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4D55BLGBNWNIMNI5N57WDPAFQCUIM6XX • CWE-190: Integer Overflow or Wraparound • CWE-191: Integer Underflow (Wrap or Wraparound)

CVE-2018-5200 – KMPlayer Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-5200
20 Dec 2018 — KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution. • https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30113 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-16952 – KMPlayer 4.2.2.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2017-16952
28 Nov 2017 — KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file. • https://www.exploit-db.com/exploits/43185 • CWE-20: Improper Input Validation

CVE-2012-3841
https://notcve.org/view.php?id=CVE-2012-3841
03 Jul 2012 — Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory. • http://osvdb.org/81558

CVE-2011-2594
https://notcve.org/view.php?id=CVE-2011-2594
02 Sep 2011 — Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field. • http://secunia.com/advisories/45264 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-2896 – KMplayer 2.9.4.1433 - '.srt' Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-2896
20 Aug 2009 — Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/9220 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2007-4941 – KMPlayer 2.9.3.1214 - Multiple Remote Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-4941
18 Sep 2007 — KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a .avi file with certain large "indx truck size" and nEntriesInuse values. • https://www.exploit-db.com/exploits/30580 • CWE-399: Resource Management Errors