KMPlayerㅣForum
New Member
 
Join Date:  Jun 2011
Posts:  1
#1 | Link | KMPlayer MP3 File Processing Buffer Overflow Vulnerability, Posted 06-08-2011
A vulnerability has been discovered in KMPlayer, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when processing MP3 files
and can be exploited to cause a stack-based buffer overflow via a
specially crafted file.

Successful exploitation allows execution of arbitrary code, but
requires tricking a user into opening a malicious MP3 file.

The vulnerability is confirmed in version 3.0.0.1440. Other versions
may also be affected.

SOLUTION:
Do not open MP3 files from untrusted sources.

SECUNIA ADVISORY ID:
SA44825
bastik
German moderator
 
Join Date:  May 2008
Location:  Germany
Posts:  3,993
#2 | Link | Posted 06-09-2011
Thank you for reporting!

https://secunia.com/advisories/44825/

Although there's no description of what's causing the overflow, I'd recommend changing the splitter/source filter and the decoder for MP3.

This issue has not been officially confirmed yet.

EDIT: Secunia reports: "Where: From remote", and the description "tricking a user into opening a malicious MP3 file"
Would be "local" for me. However KMPlayer handles MP3 radio streams so it seems obvious to me that those should not be used until this is fixed. If those work then it would be "remote".
Please read this before you post and use the Forums Search. Read other sticky threads, too. Thank you.
--
Impurities make things work and sometimes unique.
koala
Administrator
 
Join Date:  Apr 2011
Posts:  86
#3 | Link | Posted 06-10-2011
Thank you for reporting~ Ok we fixed this bug! Thank you very much for the info!
Emily
Facebook KMPmedia
Twitter KMPmedia

KMPmedia
Forum Management
koala
Administrator
 
Join Date:  Apr 2011
Posts:  86
#4 | Link | Posted 06-10-2011
To avoid this bug:
- Open KMPlayer
- F2
- Click on Splitter on left menu
- Under General Tab for MP3
- Select anything OTHER THAN KMP Bass MP3 Decoder (bass.dll)
Emily
Regular Member
 
Join Date:  Dec 2009
Posts:  120
#5 | Link | Posted 06-21-2011
1441 BUG
1. *.bIK can't Play
2. AAC noise
3. MP3 bass.dll can't Play RAR/ZIP MP3
4. EVR(C/A)BUG still, Did not fix!!!!!
5. LPCM,E-AC3 can't Play
.......
What are you doing?
New Member
 
Join Date:  Dec 2008
Posts:  6
#6 | Link | Posted 06-21-2011
I fully agree with the HXD and add that, too, became ill RealMedia reproduce at these same files in 1440 are going well.
If you want to just kill KMPlayer you are right.

P.S Sorry for English
Pantuflo
Local Service Master
 
Join Date:  Feb 2006
Location:  Spain
Posts:  6,010
#7 | Link | Posted 06-21-2011
Sorry, but did you read the thread title? If you want to report/confirm any bug please go to its thread or open a new one.

Complaining or posting anywhere will not help to solve any problem.

Thanks.

(Closed: The main topic in this thread is solved)