CVE-2019-25735

AllPlayer 7.4 Local Buffer Overflow via SEH Unicode

CVSS 8.6 HIGHEPSS 0.1%CWE-120

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code execution to run arbitrary commands with user privileges.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Allplayer · AllPlayer

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/46668unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://allplayer.org/Download/ALLPlayerEN.exe https://www.allplayer.org/https://www.exploit-db.com/exploits/46668 https://www.vulncheck.com/advisories/allplayer-local-buffer-overflow-via-seh-unicode