{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1745", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-03-30T19:26:17.934Z", "datePublished": "2023-03-30T23:00:05.358Z", "dateUpdated": "2024-08-02T05:57:25.126Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-21T14:13:37.347Z"}, "title": "KMPlayer SHFOLDER.dll uncontrolled search path", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "CWE-427 Uncontrolled Search Path"}]}], "affected": [{"vendor": "n/a", "product": "KMPlayer", "versions": [{"version": "4.2.2.73", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in KMPlayer 4.2.2.73 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess in der Bibliothek SHFOLDER.dll. Mit der Manipulation mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2023-03-30T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-03-30T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-03-30T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-04-20T16:17:33.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "10cksYiqiyinHangzhouTechnology (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.224633", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.224633", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc", "tags": ["exploit"]}, {"url": "https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view", "tags": ["exploit"]}, {"url": "https://youtu.be/7bh2BQOqxFo", "tags": ["media-coverage"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:57:25.126Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.224633", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.224633", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc", "tags": ["exploit", "x_transferred"]}, {"url": "https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view", "tags": ["exploit", "x_transferred"]}, {"url": "https://youtu.be/7bh2BQOqxFo", "tags": ["media-coverage", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pandora:kmplayer:4.2.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "06245D8C-E271-4184-AB85-E7F02FAE213A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability."}], "id": "CVE-2023-1745", "lastModified": "2024-11-21T07:39:49.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-30T23:15:06.520", "references": [{"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.224633"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.224633"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/7bh2BQOqxFo"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.224633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.224633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/7bh2BQOqxFo"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}