Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2019-17259 (GCVE-0-2019-17259)

Vulnerability from nvd – Published: 2019-10-08 11:14 – Updated: 2024-08-05 01:33

Summary

KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

2 references

URL	Tags
http://www.kmplayer.com	x_refsource_MISC
https://github.com/linhlhq/research/blob/master/R…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:33:17.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kmplayer.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/linhlhq/research/blob/master/README.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-08T11:14:57.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kmplayer.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/linhlhq/research/blob/master/README.md"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17259",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kmplayer.com",
              "refsource": "MISC",
              "url": "http://www.kmplayer.com"
            },
            {
              "name": "https://github.com/linhlhq/research/blob/master/README.md",
              "refsource": "MISC",
              "url": "https://github.com/linhlhq/research/blob/master/README.md"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17259",
    "datePublished": "2019-10-08T11:14:57.000Z",
    "dateReserved": "2019-10-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:33:17.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-9133 (GCVE-0-2019-9133)

Vulnerability from nvd – Published: 2019-04-09 17:33 – Updated: 2024-08-04 21:38

Title

KMPlayer Subtitles parser Heap Overflow Vulnerability

Summary

When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

krcert

References

3 references

URL	Tags
https://www.boho.or.kr/krcert/secNoticeView.do?bu…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Impacted products

1 product

Vendor	Product	Version
Pandora.tv	KMPlayer	Affected: KMPlayer , < 2018.12.24.14 (custom)

Date Public

2019-04-05 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:38:46.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991"
          },
          {
            "name": "FEDORA-2019-32a2bf945e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4D55BLGBNWNIMNI5N57WDPAFQCUIM6XX/"
          },
          {
            "name": "FEDORA-2019-9b1da08d62",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT5HBIKH64YRZFFAPXGOTHIQJHSTQJF7/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x86, x64"
          ],
          "product": "KMPlayer",
          "vendor": "Pandora.tv",
          "versions": [
            {
              "lessThan": "2018.12.24.14",
              "status": "affected",
              "version": "KMPlayer",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-04-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn\u0027t check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-17T02:06:12.000Z",
        "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "shortName": "krcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991"
        },
        {
          "name": "FEDORA-2019-32a2bf945e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4D55BLGBNWNIMNI5N57WDPAFQCUIM6XX/"
        },
        {
          "name": "FEDORA-2019-9b1da08d62",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT5HBIKH64YRZFFAPXGOTHIQJHSTQJF7/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "KMPlayer Subtitles parser Heap Overflow Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@krcert.or.kr",
          "ID": "CVE-2019-9133",
          "STATE": "PUBLIC",
          "TITLE": "KMPlayer Subtitles parser Heap Overflow Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "KMPlayer",
                      "version": {
                        "version_data": [
                          {
                            "platform": "x86, x64",
                            "version_affected": "\u003c",
                            "version_name": "KMPlayer",
                            "version_value": "2018.12.24.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pandora.tv"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn\u0027t check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-190 Integer Overflow or Wraparound"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991",
              "refsource": "MISC",
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991"
            },
            {
              "name": "FEDORA-2019-32a2bf945e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4D55BLGBNWNIMNI5N57WDPAFQCUIM6XX/"
            },
            {
              "name": "FEDORA-2019-9b1da08d62",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT5HBIKH64YRZFFAPXGOTHIQJHSTQJF7/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
    "assignerShortName": "krcert",
    "cveId": "CVE-2019-9133",
    "datePublished": "2019-04-09T17:33:27.000Z",
    "dateReserved": "2019-02-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:38:46.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16952 (GCVE-0-2017-16952)

Vulnerability from nvd – Published: 2017-11-28 15:00 – Updated: 2024-08-05 20:43

Summary

KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

1 reference

URL	Tags
https://www.exploit-db.com/exploits/43185/	exploitx_refsource_EXPLOIT-DB

Date Public

2017-11-22 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:57.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43185",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43185/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-28T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "43185",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43185/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16952",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43185",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43185/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16952",
    "datePublished": "2017-11-28T15:00:00.000Z",
    "dateReserved": "2017-11-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T20:43:57.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3841 (GCVE-0-2012-3841)

Vulnerability from nvd – Published: 2012-07-03 22:00 – Updated: 2024-08-06 20:21

Summary

Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

3 references

URL	Tags
http://packetstormsecurity.org/files/112218/KMPla…	x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://osvdb.org/81558	vdb-entryx_refsource_OSVDB

Date Public

2012-04-26 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/112218/KMPlayer-3.2.0.19-DLL-Hijack.html"
          },
          {
            "name": "kmplayer-dll-code-execution(75193)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75193"
          },
          {
            "name": "81558",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/81558"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/112218/KMPlayer-3.2.0.19-DLL-Hijack.html"
        },
        {
          "name": "kmplayer-dll-code-execution(75193)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75193"
        },
        {
          "name": "81558",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/81558"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3841",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.org/files/112218/KMPlayer-3.2.0.19-DLL-Hijack.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/112218/KMPlayer-3.2.0.19-DLL-Hijack.html"
            },
            {
              "name": "kmplayer-dll-code-execution(75193)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75193"
            },
            {
              "name": "81558",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/81558"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3841",
    "datePublished": "2012-07-03T22:00:00.000Z",
    "dateReserved": "2012-07-03T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:21:04.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2594 (GCVE-0-2011-2594)

Vulnerability from nvd – Published: 2011-09-02 16:00 – Updated: 2024-08-06 23:08

Summary

Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field.

Severity

No CVSS data available.

CWE

n/a

Assigner

flexera

References

3 references

URL	Tags
http://secunia.com/advisories/45264	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/49342	vdb-entryx_refsource_BID

Date Public

2011-08-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.089Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "45264",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45264"
          },
          {
            "name": "kmplayer-title-bo(69451)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69451"
          },
          {
            "name": "49342",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49342"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-08-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "45264",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45264"
        },
        {
          "name": "kmplayer-title-bo(69451)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69451"
        },
        {
          "name": "49342",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49342"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2011-2594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "45264",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45264"
            },
            {
              "name": "kmplayer-title-bo(69451)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69451"
            },
            {
              "name": "49342",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49342"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2011-2594",
    "datePublished": "2011-09-02T16:00:00.000Z",
    "dateReserved": "2011-06-29T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:08:23.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17259 (GCVE-0-2019-17259)

Vulnerability from cvelistv5 – Published: 2019-10-08 11:14 – Updated: 2024-08-05 01:33

Summary

KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

2 references

URL	Tags
http://www.kmplayer.com	x_refsource_MISC
https://github.com/linhlhq/research/blob/master/R…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:33:17.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kmplayer.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/linhlhq/research/blob/master/README.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-08T11:14:57.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kmplayer.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/linhlhq/research/blob/master/README.md"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17259",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kmplayer.com",
              "refsource": "MISC",
              "url": "http://www.kmplayer.com"
            },
            {
              "name": "https://github.com/linhlhq/research/blob/master/README.md",
              "refsource": "MISC",
              "url": "https://github.com/linhlhq/research/blob/master/README.md"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17259",
    "datePublished": "2019-10-08T11:14:57.000Z",
    "dateReserved": "2019-10-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:33:17.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-9133 (GCVE-0-2019-9133)

Vulnerability from cvelistv5 – Published: 2019-04-09 17:33 – Updated: 2024-08-04 21:38

Title

KMPlayer Subtitles parser Heap Overflow Vulnerability

Summary

When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

krcert

References

3 references

URL	Tags
https://www.boho.or.kr/krcert/secNoticeView.do?bu…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Impacted products

1 product

Vendor	Product	Version
Pandora.tv	KMPlayer	Affected: KMPlayer , < 2018.12.24.14 (custom)

Date Public

2019-04-05 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:38:46.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991"
          },
          {
            "name": "FEDORA-2019-32a2bf945e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4D55BLGBNWNIMNI5N57WDPAFQCUIM6XX/"
          },
          {
            "name": "FEDORA-2019-9b1da08d62",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT5HBIKH64YRZFFAPXGOTHIQJHSTQJF7/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x86, x64"
          ],
          "product": "KMPlayer",
          "vendor": "Pandora.tv",
          "versions": [
            {
              "lessThan": "2018.12.24.14",
              "status": "affected",
              "version": "KMPlayer",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-04-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn\u0027t check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-17T02:06:12.000Z",
        "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "shortName": "krcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991"
        },
        {
          "name": "FEDORA-2019-32a2bf945e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4D55BLGBNWNIMNI5N57WDPAFQCUIM6XX/"
        },
        {
          "name": "FEDORA-2019-9b1da08d62",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT5HBIKH64YRZFFAPXGOTHIQJHSTQJF7/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "KMPlayer Subtitles parser Heap Overflow Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@krcert.or.kr",
          "ID": "CVE-2019-9133",
          "STATE": "PUBLIC",
          "TITLE": "KMPlayer Subtitles parser Heap Overflow Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "KMPlayer",
                      "version": {
                        "version_data": [
                          {
                            "platform": "x86, x64",
                            "version_affected": "\u003c",
                            "version_name": "KMPlayer",
                            "version_value": "2018.12.24.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pandora.tv"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn\u0027t check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-190 Integer Overflow or Wraparound"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991",
              "refsource": "MISC",
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991"
            },
            {
              "name": "FEDORA-2019-32a2bf945e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4D55BLGBNWNIMNI5N57WDPAFQCUIM6XX/"
            },
            {
              "name": "FEDORA-2019-9b1da08d62",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT5HBIKH64YRZFFAPXGOTHIQJHSTQJF7/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
    "assignerShortName": "krcert",
    "cveId": "CVE-2019-9133",
    "datePublished": "2019-04-09T17:33:27.000Z",
    "dateReserved": "2019-02-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:38:46.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16952 (GCVE-0-2017-16952)

Vulnerability from cvelistv5 – Published: 2017-11-28 15:00 – Updated: 2024-08-05 20:43

Summary

KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

1 reference

URL	Tags
https://www.exploit-db.com/exploits/43185/	exploitx_refsource_EXPLOIT-DB

Date Public

2017-11-22 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:57.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43185",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43185/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-28T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "43185",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43185/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16952",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43185",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43185/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16952",
    "datePublished": "2017-11-28T15:00:00.000Z",
    "dateReserved": "2017-11-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T20:43:57.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3841 (GCVE-0-2012-3841)

Vulnerability from cvelistv5 – Published: 2012-07-03 22:00 – Updated: 2024-08-06 20:21

Summary

Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

3 references

URL	Tags
http://packetstormsecurity.org/files/112218/KMPla…	x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://osvdb.org/81558	vdb-entryx_refsource_OSVDB

Date Public

2012-04-26 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/112218/KMPlayer-3.2.0.19-DLL-Hijack.html"
          },
          {
            "name": "kmplayer-dll-code-execution(75193)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75193"
          },
          {
            "name": "81558",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/81558"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/112218/KMPlayer-3.2.0.19-DLL-Hijack.html"
        },
        {
          "name": "kmplayer-dll-code-execution(75193)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75193"
        },
        {
          "name": "81558",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/81558"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3841",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.org/files/112218/KMPlayer-3.2.0.19-DLL-Hijack.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/112218/KMPlayer-3.2.0.19-DLL-Hijack.html"
            },
            {
              "name": "kmplayer-dll-code-execution(75193)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75193"
            },
            {
              "name": "81558",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/81558"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3841",
    "datePublished": "2012-07-03T22:00:00.000Z",
    "dateReserved": "2012-07-03T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:21:04.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2594 (GCVE-0-2011-2594)

Vulnerability from cvelistv5 – Published: 2011-09-02 16:00 – Updated: 2024-08-06 23:08

Summary

Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field.

Severity

No CVSS data available.

CWE

n/a

Assigner

flexera

References

3 references

URL	Tags
http://secunia.com/advisories/45264	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/49342	vdb-entryx_refsource_BID

Date Public

2011-08-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.089Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "45264",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45264"
          },
          {
            "name": "kmplayer-title-bo(69451)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69451"
          },
          {
            "name": "49342",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49342"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-08-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "45264",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45264"
        },
        {
          "name": "kmplayer-title-bo(69451)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69451"
        },
        {
          "name": "49342",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49342"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2011-2594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "45264",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45264"
            },
            {
              "name": "kmplayer-title-bo(69451)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69451"
            },
            {
              "name": "49342",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49342"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2011-2594",
    "datePublished": "2011-09-02T16:00:00.000Z",
    "dateReserved": "2011-06-29T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:08:23.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

10 vulnerabilities found for kmplayer by kmplayer

CVE-2019-17259 (GCVE-0-2019-17259)

CVE-2019-9133 (GCVE-0-2019-9133)

CVE-2017-16952 (GCVE-0-2017-16952)

CVE-2012-3841 (GCVE-0-2012-3841)

CVE-2011-2594 (GCVE-0-2011-2594)

CVE-2019-17259 (GCVE-0-2019-17259)

CVE-2019-9133 (GCVE-0-2019-9133)

CVE-2017-16952 (GCVE-0-2017-16952)

CVE-2012-3841 (GCVE-0-2012-3841)

CVE-2011-2594 (GCVE-0-2011-2594)