CVE-2023-1745

MEDIUM

KMPlayer 4.2.2.73 - Path Traversal

Title source: llm

Description

A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.

References (5)

[Third Party Advisory] https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view

[Exploit, Third Party Advisory] https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc

View Exploit ZIP pw:eip

[Permissions Required, Third Party Advisory] https://vuldb.com/?ctiid.224633

[Permissions Required, Third Party Advisory] https://vuldb.com/?id.224633

[Exploit, Third Party Advisory] https://youtu.be/7bh2BQOqxFo

Scores

CVSS v3 5.3

EPSS 0.0007

EPSS Percentile 20.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-427

Status published

Affected Products (1)

pandora/kmplayer

Timeline

Published Mar 30, 2023

Tracked Since Feb 18, 2026