Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37
The Hacker News
Ucha Gobejishvili (longrifle0x) from The Vulnerability Laboratory Research Team discover Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37. GOM Player (Gretech Online Movie Player) is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea.

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity.

In this case, The vulnerability can be exploited by local or remote attackers and Vulnerable module is GomU+0x125cb7.

Proof of Concept:
1) Download & open the software client
2) Click open ==> Url..
3) Put vulnerability code
4) now you will see result
In buffer overflow attacks, the extra data may contain codes designed to trigger actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.