Nytro Posted March 11, 2012 Report Posted March 11, 2012 Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37 Gobejishvili (longrifle0x) from The Vulnerability Laboratory Research Team discover Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37. GOM Player (Gretech Online Movie Player) is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea.A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity.In this case, The vulnerability can be exploited by local or remote attackers and Vulnerable module is GomU+0x125cb7.Proof of Concept:1) Download & open the software client2) Click open ==> Url..3) Put vulnerability code4) now you will see resulthttp://www.youtube.com/watch?v=uN87KAm53Zg&feature=player_embeddedIn buffer overflow attacks, the extra data may contain codes designed to trigger actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information.Sursa: [POC] Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37 | The Hacker News (THN) Quote
backdoorhk Posted March 29, 2012 Report Posted March 29, 2012 Nenea asta nu e o vulnerabilitate. Codu ala este folosit sa ca un "bug" care darama skype`urile Quote
malsploit Posted March 29, 2012 Report Posted March 29, 2012 Nenea asta nu e o vulnerabilitate. Codu ala este folosit sa ca un "bug" care darama skype`urile Asa face prostul cand vrea sa minimalizeze ceva. Citeste cate ceva despre Buffer Overflow sa vezi despre ce este vorba. Quote
ionut.hulub Posted March 29, 2012 Report Posted March 29, 2012 de ce nu si'a luat ban inca bankdoorhk? Quote
backdoorhk Posted March 30, 2012 Report Posted March 30, 2012 de ce nu si'a luat ban inca bankdoorhk?de ce sa imi iau ban ma? Quote
