Jump to content
Nytro

Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37

Recommended Posts

Posted

Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37

Buffer+Overflow+Vulnerability+in+GOM+Media+Player+  v.+2.1.37.jpg

Gobejishvili (longrifle0x) from The Vulnerability Laboratory Research Team discover Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37. GOM Player (Gretech Online Movie Player) is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea.

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity.

In this case, The vulnerability can be exploited by local or remote attackers and Vulnerable module is GomU+0x125cb7.

Proof of Concept:

1) Download & open the software client

2) Click open ==> Url..

3) Put vulnerability code

4) now you will see result

http://www.youtube.com/watch?v=uN87KAm53Zg&feature=player_embedded

In buffer overflow attacks, the extra data may contain codes designed to trigger actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information.

Sursa: [POC] Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37 | The Hacker News (THN)

Posted
Nenea asta nu e o vulnerabilitate. Codu ala este folosit sa ca un "bug" care darama skype`urile :)

Asa face prostul cand vrea sa minimalizeze ceva. Citeste cate ceva despre Buffer Overflow sa vezi despre ce este vorba.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...