GOM Player is prone to a remote stack-based buffer-overflow vulnerability.The vulnerability is caused due to a boundary error when parsing a URL
within playlist files. This can be exploited to cause a stack-based
buffer overflow via a specially crafted e.g. PLS or ASX playlist file.
Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious file.
Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious file.
Failed attacks may cause a denial-of-service condition.
GOM Player 2.1.33.5071 is vulnerable.
It's tested that GOM player version 2.1.39.5101 Release [2012.01.10] is no more vulnerable.
Exploit Code:
Metasploit Module