CVE-2023-1745

low-risk

Published 2023-03-30

A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Kmplayer

Affected Vendors

Pandora

References (10)

Third Party Advisory https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view

Exploit https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc

Permissions Required https://vuldb.com/?ctiid.224633

Permissions Required https://vuldb.com/?id.224633

Exploit https://youtu.be/7bh2BQOqxFo

Third Party Advisory https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view

Exploit https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc

Permissions Required https://vuldb.com/?ctiid.224633

Permissions Required https://vuldb.com/?id.224633

Exploit https://youtu.be/7bh2BQOqxFo

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal