CVE-2023-1745 - OpenCVE

A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Pandora	Kmplayer

Configuration 1 [-]

cpe:2.3:a:pandora:kmplayer:4.2.2.73:*:*:*:*:*:*:*

References

Link	Resource
https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view	Third Party Advisory
https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc	Exploit Third Party Advisory
https://vuldb.com/?ctiid.224633	Permissions Required Third Party Advisory
https://vuldb.com/?id.224633	Permissions Required Third Party Advisory
https://youtu.be/7bh2BQOqxFo	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2023-03-30T23:00:05.358Z

Updated: 2023-10-21T14:13:37.347Z

Reserved: 2023-03-30T19:26:17.934Z

Link: CVE-2023-1745

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-30T23:15:06.520

Modified: 2024-05-17T02:18:24.733

Link: CVE-2023-1745

JSON object: View

Redhat Information

No data.

CWE

CWE-427

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-1745", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-03-30T19:26:17.934Z", "datePublished": "2023-03-30T23:00:05.358Z", "dateUpdated": "2023-10-21T14:13:37.347Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-21T14:13:37.347Z"}, "title": "KMPlayer SHFOLDER.dll uncontrolled search path", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "CWE-427 Uncontrolled Search Path"}]}], "affected": [{"vendor": "n/a", "product": "KMPlayer", "versions": [{"version": "4.2.2.73", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in KMPlayer 4.2.2.73 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess in der Bibliothek SHFOLDER.dll. Mit der Manipulation mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2023-03-30T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-03-30T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-03-30T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-04-20T16:17:33.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "10cksYiqiyinHangzhouTechnology (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.224633", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.224633", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc", "tags": ["exploit"]}, {"url": "https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view", "tags": ["exploit"]}, {"url": "https://youtu.be/7bh2BQOqxFo", "tags": ["media-coverage"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pandora:kmplayer:4.2.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "06245D8C-E271-4184-AB85-E7F02FAE213A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability."}], "id": "CVE-2023-1745", "lastModified": "2024-05-17T02:18:24.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-03-30T23:15:06.520", "references": [{"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.224633"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.224633"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/7bh2BQOqxFo"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "cna@vuldb.com", "type": "Secondary"}]}