Friday, February 17, 2012

GOM Player '.asx' File Unicode Stack Buffer Overflow Vulnerability[0day] [CVE-2007-0707]

GOM Player is prone to a remote stack-based buffer-overflow vulnerability.The vulnerability is caused due to a boundary error when parsing a URL within playlist files. This can be exploited to cause a stack-based buffer overflow via a specially crafted e.g. PLS or ASX playlist file.



Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious file.
Failed attacks may cause a denial-of-service condition.

GOM Player 2.1.33.5071 is vulnerable.

It's tested that GOM player version 2.1.39.5101 Release [2012.01.10] is no more vulnerable.

Exploit Code:



Metasploit Module


1 comment:

  1. The Uttarakhand Board will release the UK Board tenth model paper 2020-21 at the side of the question papers quickly on its authentic internet site. Students could be capable of download the Uttarakhand Board Class 10 question papers Uttarakhand 10th Question Paper 2021 As quickly as they may be launched, students who can be acting for UK Board Class 10 examinations should guide them as them in getting familiarised with the UK tenth exam pattern in a higher manner.

    ReplyDelete