Message-ID: <49DC5985.3050305@bkav.com.vn>
Date: Wed, 08 Apr 2009 15:00:05 +0700
From: Bkis <svrt@...v.com.vn>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability
[Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability
1. General Information
GOM Player is a popular multimedia player supporting multiple media
formats (avi, mpeg, ...). In March 2009, Bkis detected a vulnerability
in this software. Through this vulnerability, users might lose sensitive
information, have viruses installed, or have their system taken over
after playing a media file. We have submitted the report to the vendor.
Details : http://security.bkis.vn/?p=501
Bkis Advisory : Bkis-06-2009
Initial vendor notification : 03/20/2009
Release Date : 04/08/2009
Update Date : 04/08/2009
Discovered by : Bui Quang Minh - Bkis
Attack Type : Buffer Overflow
Security Rating : Critical
Impact : Code Execution
Affected Software : GOM Player 2.1.16.4613 (Prior versions may also be
affected)
PoC : http://security.bkis.vn/wp-content/uploads/2009/04/gom_poc.pl
2. Technical Description
Like other multimedia players, GOM Player supports displaying subtitles
(srt, smi...) when playing multimedia files. The flaw is found in this
function.
Specifically, when handling subtitles, GOM Player uses the srt2smi.exe
module to convert srt to smi format. However, this module does not
properly handle a crafted srt file, leading to a buffer overrun.
To exploit this vulnerability, an attacker could craft a malicious srt
file and a multimedia file, then trick users into playing it. As soon as
the file is played, the malicious code is executed.
Notably, the exploit makes the srt2smi.exe module fail, but GOM Player
still functions normally.
3. Solution
The vendor hasn't fixed this vulnerability yet. Therefore, Bkis
recommends that users carefully check srt files by previewing their
content in a text editor.
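
The manual preview recommended above can be partly automated with a structural check of the subtitle file before it is opened in the player. The following Python script is an added example, not part of the Bkis advisory or its PoC. The advisory does not say which srt field triggers the overrun, so the 512-byte line limit, the function name audit_srt and the sample inputs are assumptions.

```python
import re

# Assumed limit: the advisory does not name the overflowing field, so every
# line is held to a conservative length (hypothetical value, tune as needed).
MAX_LINE_BYTES = 512
TIMING = re.compile(
    rb"^\d{2,}:\d{2}:\d{2}[,.]\d{1,3} --> \d{2,}:\d{2}:\d{2}[,.]\d{1,3}( .*)?$")

def audit_srt(data: bytes) -> list[str]:
    """Return a list of findings for an srt file supplied as raw bytes."""
    findings = []
    # Drop a UTF-8 BOM and normalise CRLF so both line-ending styles parse.
    body = data.removeprefix(b"\xef\xbb\xbf").replace(b"\r\n", b"\n")
    state = "index"  # cue layout: index -> timing -> text lines -> blank
    for n, line in enumerate(body.split(b"\n"), 1):
        if len(line) > MAX_LINE_BYTES:
            findings.append(f"line {n}: {len(line)} bytes exceeds {MAX_LINE_BYTES}")
        if any(b < 0x20 and b != 0x09 for b in line):
            findings.append(f"line {n}: control bytes in subtitle data")
        if state == "index":
            if not line.strip():
                continue  # tolerate extra blank lines between cues
            if not line.strip().isdigit():
                findings.append(f"line {n}: expected numeric cue index")
            state = "timing"
        elif state == "timing":
            if not TIMING.match(line.strip()):
                findings.append(f"line {n}: malformed timing line")
            state = "text"
        elif not line.strip():
            state = "index"  # a blank line ends the cue text
    return findings

# Constructed samples: a well-formed file, and one with an oversized text line.
GOOD = (b"1\r\n00:00:01,000 --> 00:00:04,000\r\nHello there\r\n\r\n"
        b"2\r\n00:00:05,000 --> 00:00:06,500\r\nSecond line\r\n")
SUSPECT = b"1\n00:00:01,000 --> 00:00:04,000\n" + b"A" * 4000 + b"\n"

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("suspect", SUSPECT)):
        print(name, audit_srt(sample) or "no findings")
```

A file with findings should be quarantined or inspected by hand rather than played; an empty result only means the file matches the expected srt layout, not that it is safe.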