CVE-2023-1745 - OpenCVE

A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pandora	Kmplayer

Configuration 1 [-]

cpe:2.3:a:pandora:kmplayer:4.2.2.73:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view
https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc
https://vuldb.com/?ctiid.224633
https://vuldb.com/?id.224633
https://youtu.be/7bh2BQOqxFo

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-03-30T23:00:05.358Z

Updated: 2024-08-02T05:57:25.126Z

Reserved: 2023-03-30T19:26:17.934Z

Link: CVE-2023-1745

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-30T23:15:06.520

Modified: 2024-05-17T02:18:24.733

Link: CVE-2023-1745

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1745", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-03-30T19:26:17.934Z", "datePublished": "2023-03-30T23:00:05.358Z", "dateUpdated": "2024-08-02T05:57:25.126Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-21T14:13:37.347Z"}, "title": "KMPlayer SHFOLDER.dll uncontrolled search path", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "CWE-427 Uncontrolled Search Path"}]}], "affected": [{"vendor": "n/a", "product": "KMPlayer", "versions": [{"version": "4.2.2.73", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in KMPlayer 4.2.2.73 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess in der Bibliothek SHFOLDER.dll. Mit der Manipulation mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2023-03-30T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-03-30T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-03-30T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-04-20T16:17:33.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "10cksYiqiyinHangzhouTechnology (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.224633", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.224633", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc", "tags": ["exploit"]}, {"url": "https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view", "tags": ["exploit"]}, {"url": "https://youtu.be/7bh2BQOqxFo", "tags": ["media-coverage"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:57:25.126Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.224633", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.224633", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc", "tags": ["exploit", "x_transferred"]}, {"url": "https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view", "tags": ["exploit", "x_transferred"]}, {"url": "https://youtu.be/7bh2BQOqxFo", "tags": ["media-coverage", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pandora:kmplayer:4.2.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "06245D8C-E271-4184-AB85-E7F02FAE213A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability."}], "id": "CVE-2023-1745", "lastModified": "2024-05-17T02:18:24.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-03-30T23:15:06.520", "references": [{"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.224633"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.224633"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/7bh2BQOqxFo"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "cna@vuldb.com", "type": "Secondary"}]}