CVE-2023-1745
MEDIUMKMPlayer 4.2.2.73 - Uncontrolled Search Path Element in SHFOLDER.dll
Title source: llmDescription
A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.
References (5)
Core 5
Core References
Permissions Required, Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.224633
Permissions Required, Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.224633
Exploit, Third Party Advisory exploit
https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc
Third Party Advisory exploit
https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view
Exploit, Third Party Advisory media-coverage
https://youtu.be/7bh2BQOqxFo
Scores
CVSS v3
5.3
EPSS
0.0037
EPSS Percentile
28.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-427
Status
published
Products (1)
pandora/kmplayer
4.2.2.73
Published
Mar 30, 2023
Tracked Since
Feb 18, 2026