Security Advisory | KrCERT/CC - KISA 인터넷 보호나라&KrCERT

본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

KrCERT/CC

Security Advisory

home

CVE-2018-5200 | KMPlayer Heap Overflow vulnerability2018.12.19

□ Overview

o KMPlayer has a Heap Based Buffer Overflow Vulnerability. This results in a memory corruption and remote code execution.

Vulerability Type	Impact	Severity	CVE ID
Heap Overflow	Code execution	High	CVE-2018-5200

□ Description

o KMPlayer has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.

□ Affected Products

Product	Version	PlatForm
KMPlayer	4.2.2.15 and prior	Windows

□ Solution

o Update to patched release version(4.2.2.16)

□ Reference site

http://www.kmplayer.com/home

□ Acknowledgements

o Thanks to Daehee Jang for reporting this vulerability through KrCERT/CC's Vulnerability Reward Program.

트위터 페이스북

다음글 CVE-2018-5201 | Hancom Office Heap Overflow Vulnerability 2018.12.20
이전글 CVE-2018-5198, CVE-2018-5199 | WIZVERA Veraport Remote Code Execution 2018.12.19

개인정보처리방침 FAQ 해킹·스팸개인정보침해 신고는 118

네이버 블로그

KISA 인터넷 보호나라&KrCERT

[나주본원] (58324) 전라남도 나주시 진흥길 9 한국인터넷진흥원 대표번호 : 1433-25(수신자 요금 부담)

[서울청사] (05717) 서울시 송파구 중대로 135 (가락동) IT벤처타워 [해킹ㆍ스팸개인정보침해 신고 118]

Copyright(C) 2021 KISA. All rights reserved.