KrCERT/CC

Security Advisory (Korean)

home

Security Advisory Detail

CVE-2018-5200 | KMPlayer Heap Overflow vulnerability2018.12.19

□ Overview

o KMPlayer has a Heap Based Buffer Overflow Vulnerability. This results in a memory corruption and remote code execution.

Vulerability Type	Impact	Severity	CVE ID
Heap Overflow	Code execution	Critical	CVE-2018-5200

□ Description

o KMPlayer has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.

□ Affected Products

Product	Version	PlatForm
KMPlayer	4.2.2.15 and prior	Windows

□ Solution

o Update to patched release version(4.2.2.16)

□ Reference site

http://www.kmplayer.com/home

□ Acknowledgements

o Thanks to Daehee Jang for reporting this vulerability through KrCERT/CC's Vulnerability Reward Program.

트위터 페이스북

다음글 CVE-2018-5201 | Hancom Office Heap Overflow Vulnerability 2018.12.20
이전글 CVE-2018-5198, CVE-2018-5199 | WIZVERA Veraport Remote Code Execution 2018.12.19

KISA 인터넷 보호나라&KrCERT

인터넷침해사고 경보단계

사이버위협

보안서비스

다운로드

상담 및 신고

자료실

빅데이터센터

KrCERT/CC

GOGO캠페인

KrCERT/CC

Security Advisory (Korean)

KISA 인터넷 보호나라&KrCERT