K-Lite Mega Codec Pack based Local Windows Explorer DOS PoC

vendor:

K-Lite Mega Codec Pack

by:

Aodrulez

7.5

CVSS

HIGH

Denial of Service (DoS)

400

CWE

Product Name: K-Lite Mega Codec Pack

Affected Version From: 3.5.7.0

Affected Version To: 3.5.7.0

Patch Exists: Yes

Related CWE: N/A

CPE: a:codecguide:k-lite_mega_codec_pack

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2008

K-Lite Mega Codec Pack based Local Windows Explorer DOS PoC

K-Lite Mega Codec Pack based Local Windows Explorer DOS PoC is a proof-of-concept exploit that crashes Windows Explorer when a user tries to use, select, or highlight the attached Test7.flv file in Windows Explorer. This causes Windows Explorer to crash.

Mitigation:

Users should update their K-Lite Mega Codec Pack to the latest version to prevent this vulnerability.

Source

Exploit-DB raw data:

K-Lite Mega Codec Pack based Local Windows Explorer DOS PoC.
Version:3.5.7.0

"vsfilter.dll"(Version 1.0.1.4) that comes bundled with the above Codec Pack
crashes when we try to use,select or even highlight the
attached "Test7.flv" file in Windows Explorer,causing Explorer
to Crash.



Greetz fly out to:
1]LiquidWorm : For being so nice.....n guiding me.. :)
2]str0ke : For goin thru all my silly e-mails.
3]Amforked() : My mentor.
------------------------------------------------------------------
By:       Aodrulez, 
    www.OrchidSeven.com, 
   aodrulez.blogspot.com.

Email: f3arm3d3ar@gmail.com
------------------------------------------------------------------

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6565.rar (2008-test7.rar)

# milw0rm.com [2008-09-25]