Date: Wed, 08 Apr 2009 15:00:05 +0700
From: Bkis <svrt@...v.com.vn>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability

[Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability

1. General Information

GOM Player is a popular multimedia player supporting multiple media 
formats (avi, mpeg, ...). In March 2009, Bkis detected a vulnerability 
in this software. Through this vulnerability, users might lose sensitive 
information, have viruses installed, or have their system taken over 
after playing a media file. We have submitted the report to the vendor.

Details : http://security.bkis.vn/?p=501
Bkis Advisory : Bkis-06-2009
Initial vendor notification : 03/20/2009
Release Date : 04/08/2009
Update Date : 04/08/2009
Discovered by : Bui Quang Minh - Bkis
Attack Type : Buffer Overflow
Security Rating : Critical
Impact : Code Execution
Affected Software : GOM Player 2.1.16.4613 (prior versions may also be 
affected)
PoC : http://security.bkis.vn/wp-content/uploads/2009/04/gom_poc.pl


2. Technical Description

Like other multimedia players, GOM Player supports displaying subtitles 
(srt, smi, ...) when playing multimedia files. The flaw is found in this 
function.

Specifically, during subtitle handling, GOM Player uses the srt2smi.exe 
module to convert srt to smi format. This module does not properly 
handle a crafted srt file, leading to a buffer overrun.

To exploit this vulnerability, an attacker could craft a malicious srt 
file together with a multimedia file and then trick users into playing 
it. Immediately after the file has been played, the malicious code is 
executed. Notably, the exploit makes the srt2smi.exe module fail while 
GOM Player itself still functions normally, so the user sees no obvious 
sign of the attack.

3. Solution

The vendor has not fixed this vulnerability yet. Therefore, Bkis 
recommends that users carefully check srt files by previewing their 
content in a text editor before playing them.
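A small checker that automates the manual review recommended above, as an added example that is not part of the advisory or of any Bkis tooling: it splits a .srt file into cues and flags malformed cues, oversized lines and control bytes before the file is handed to a player. The line-length and cue-size limits are assumed values; the advisory does not state which field overruns or at what size.

```python
import re
import sys

# Timing line of an SRT cue, e.g. "00:00:01,000 --> 00:00:04,000"
TIMING_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2},\d{3} --> \d{2}:\d{2}:\d{2},\d{3}(?: .*)?$"
)
# Assumed conservative limits (not from the advisory): anything beyond
# these is far larger than a legitimate subtitle and worth a closer look.
MAX_LINE_LEN = 512
MAX_CUE_LINES = 8
CONTROL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f]")


def check_srt(text):
    """Return a list of (cue_number, reason); an empty list means nothing suspicious."""
    findings = []
    # Cues are separated by one or more blank lines.
    for n, block in enumerate(re.split(r"\r?\n\s*\r?\n", text.strip()), 1):
        lines = block.splitlines()
        if len(lines) < 2:
            findings.append((n, "truncated cue"))
            continue
        if not lines[0].strip().isdigit():
            findings.append((n, "cue index is not numeric"))
        if not TIMING_RE.match(lines[1].strip()):
            findings.append((n, "malformed timing line"))
        for line in lines:
            if len(line) > MAX_LINE_LEN:
                findings.append((n, "line of %d chars exceeds %d" % (len(line), MAX_LINE_LEN)))
                break
        if len(lines) - 2 > MAX_CUE_LINES:
            findings.append((n, "too many text lines in one cue"))
        if CONTROL_RE.search(block):
            findings.append((n, "control bytes in cue"))
    return findings


# Constructed samples: a benign file and one with an oversized line and a bad cue.
GOOD_SRT = "1\n00:00:01,000 --> 00:00:04,000\nHello, world.\n\n" \
           "2\n00:00:05,000 --> 00:00:08,000\nSecond cue\nsecond line\n"
BAD_SRT = "1\n00:00:01,000 --> 00:00:04,000\n" + "A" * 2000 + "\n\n2\nnot a timing\nx\n"

if __name__ == "__main__":
    data = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else BAD_SRT
    for cue, reason in check_srt(data):
        print("cue %d: %s" % (cue, reason))
```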

