Main Vulnerability Database SB2012070404

SB2012070404 - Input validation error in KDE kmplayer

Published: July 4, 2012 Updated: August 11, 2020

Security Bulletin ID SB2012070404

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2012-3841)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory. Per indicated reference links 1182120 and 1182121, the attack can be leveraged remotely has been scored as such pending clarification of CVE description.

Remediation

Install update from vendor's website.

References

http://osvdb.org/81558
http://packetstormsecurity.org/files/112218/KMPlayer-3.2.0.19-DLL-Hijack.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/75193