| Title | KMPlayer DLL hijacking vulnerability |
|---|---|
| Description | KMPlayer x32 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.<br>Affected component: SHFOLDER.dll<br>Affected version: KMPlayer_4.2.2.73(Latest)<br>Vulnerability type: CWE-427: Uncontrolled Search Path Element<br>DLL planting vulnerability type: Current Working Directory (CWD) DLL planting<br>POC video: https://youtu.be/7bh2BQOqxFo |
| Source | ⚠️ https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc |
| User | 10cksYiqiyinHangzhouTechnology (UID 41666) |
| Submission | 03/21/2023 01:27 (3 years ago) |
| Moderation | 03/30/2023 21:26 (10 days later) |
| Status | Accepted |
| VulDB entry | 224633 [KMPlayer 4.2.2.73 SHFOLDER.dll uncontrolled search path] |
| Points | 20 |