vendor:
KMPlayer
by:
Naser Farhadi
N/A
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: KMPlayer
Affected Version From: 3.9.1.136
Affected Version To: 3.9.1.136
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 7 SP1 (32 bit)
2015
KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass)
This exploit targets KMPlayer version 3.9.1.136 and allows for a Unicode buffer overflow, bypassing ASLR. The exploit is written in Python and contains a shellcode payload.
Mitigation:
Update KMPlayer to a version that includes a patch for this vulnerability. Restrict access to KMPlayer to trusted users only.