<<< Date Index >>>     <<< Thread Index >>>

[Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability



[Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability

1. General Information

GOM Player is a popular multimedia player supporting multiple media formats (avi, mpeg,…). In March 2009, Bkis has detected a vulnerability in this software. With this vulnerability, users might lose sensible information, have viruses installed or have their system taken control after playing a media file. We have submitted the report to vendor.

Details : http://security.bkis.vn/?p=501
Bkis Advisory : Bkis-06-2009
Initial vendor notification : 03/20/2009
Release Date : 04/08/2009
Update Date : 04/08/2009
Discovered by : Bui Quang Minh - Bkis
Attack Type : Buffer Overflow
Security Rating : Critical
Impact : Code Execution
Affected Software : GOM Player 2.1.16.4613 (Prior version may be also affected)
PoC : http://security.bkis.vn/wp-content/uploads/2009/04/gom_poc.pl


2. Technical Description

Like other multimedia players, GOM Player supports displaying subtitles (srt, smi...) when playing multimedia files. The flaw is found in this function.

Specifically, in the handling process, GOM Player use srt2smi.exe module to convert srt to smi format. However, this module has not handled well with a crafted srt file, leading to buffer overrun.

To exploit this vulnerability, Hacker could craft a malicious srt file and a multimedia file. He then tricks users into playing it. Immediately after the file has been played, the malicious code will be executed. Especially, the exploit makes srt2smi.exe module fail but GOM Player still functions normally.

3. Solution

The vendor hasn’t fixed this vulnerability yet. Therefore, Bkis recommends that users should check carefully srt files by using some editor to preview srt content.