CVE-2017-16952

MEDIUM

KMPlayer 4.2.2.4 - Denial of Service via Crafted NSV File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16952. PoCs published by R.Yavari.

AI-analyzed exploit summary This exploit generates a malformed .nsv file that triggers a denial of service in KMPlayer v4.2.2.4 by writing a specific binary payload to a file. The payload causes the application to crash upon opening the file.

Description

KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.

Exploits (1)

exploitdb WORKING POC

by R.Yavari · perldoswindows

https://www.exploit-db.com/exploits/43185

View Code ZIP pw:eip

This exploit generates a malformed .nsv file that triggers a denial of service in KMPlayer v4.2.2.4 by writing a specific binary payload to a file. The payload causes the application to crash upon opening the file.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: KMPlayer v4.2.2.4

No auth needed

Prerequisites: Ability to deliver the malformed .nsv file to the target system

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43185/

Scores

CVSS v3 5.5

EPSS 0.0125

EPSS Percentile 79.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (1)

kmplayer/kmplayer 4.2.2.4

Published Nov 28, 2017

Tracked Since Feb 18, 2026