Buffer Overflow in KMPlayer Versions Allowing Remote Code Execution
CVE-2009-2896

Currently unrated

Key Information:

Vendor

Kde

Status
Kmplayer
Vendor
CVE Published:
20 August 2009

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 20%

What is CVE-2009-2896?

A buffer overflow vulnerability exists in KMPlayer versions 2.9.4.1433 and earlier. This flaw permits remote attackers to execute arbitrary code or trigger a denial of service by sending a specially crafted long string within a subtitle (.srt) playlist file. As a result, careful management of subtitle files is crucial to mitigate potential exploits, as unauthorized access can lead to serious repercussions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-2896 - Proof of Concept

References

http://www.vupen.com/english/advisories/2009/1959
vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/35745
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/51882
vdb-entryx_refsource_XF

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.