Input validation error in kmplayer - CVE-2012-3841
Published: July 4, 2012 / Updated: August 11, 2020
Vulnerability identifier: #VU43915
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2012-3841
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: KDE.org
Affected software:
kmplayer
kmplayer
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory. Per indicated reference links 1182120 and 1182121, the attack can be leveraged remotely has been scored as such pending clarification of CVE description.
How to mitigate CVE-2012-3841
Install update from vendor's website.