GOM Media Player 2.1.37 Buffer Overflow Vulnerability
|
来源:vfocus.net 作者:longrifle0x 发布时间:2012-03-13
|
|
Introduction: ============= GOM Player (Gretech Online Movie Player) is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea. It is the primary client player for South Korean GOM-TV, and is more popular in South Korea than any other media player. Key strengths inherited from libavcodec include wide ranging ability to play media files, including .flv - without needing to obtain an external codec, and the ability to play some broken media files. Both of those features are present in other projects using libavcodec like VLC and MPlayer, but are absent from some other media software, including Windows Media Player. Abstract: ========= The Vulnerability Laboratory Research Team discovered a Buffer Overflow Vulnerability on GOM Media Player v. 2.1.37 Exploitation-Technique: ======================= Local Severity: ========= High Vulnerable Module(s): [+] GomU+0x125cb7 Proof of Concept================= The vulnerability can be exploited by local & remote attackers. 1) Download & open the software client 2) Click open ==> Url.. 3) Put vulnerability code 4) now you will see result Executable search path is: ModLoad: 00400000 007a9000 GomU.exe ModLoad: 77790000 778cc000 ntdll.dll ModLoad: 76730000 76804000 C:\Windows\system32\kernel32.dll ModLoad: 75380000 753ca000 C:\Windows\system32\KERNELBASE.dll ModLoad: 70cf0000 70d22000 C:\Windows\system32\WINMM.dll ModLoad: 76aa0000 76b4c000 C:\Windows\system32\msvcrt.dll ModLoad: 765e0000 766a9000 C:\Windows\system32\USER32.dll ModLoad: 760f0000 7613e000 C:\Windows\system32\GDI32.dll ModLoad: 76590000 7659a000 C:\Windows\system32\LPK.dll ModLoad: 76810000 768ad000 C:\Windows\system32\USP10.dll ModLoad: 766b0000 7672b000 C:\Windows\system32\comdlg32.dll ModLoad: 761a0000 761f7000 C:\Windows\system32\SHLWAPI.dll ModLoad: 74070000 7420e000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll ModLoad: 754a0000 760ea000 C:\Windows\system32\SHELL32.dll ModLoad: 71380000 713d1000 C:\Windows\system32\WINSPOOL.DRV ModLoad: 76250000 762f0000 C:\Windows\system32\ADVAPI32.dll ModLoad: 768b0000 768c9000 C:\Windows\SYSTEM32\sechost.dll ModLoad: 76b70000 76c11000 C:\Windows\system32\RPCRT4.dll ModLoad: 6d8e0000 6d8fc000 C:\Windows\system32\oledlg.dll ModLoad: 762f0000 7644c000 C:\Windows\system32\ole32.dll ModLoad: 72dc0000 72dd9000 C:\Windows\system32\OLEPRO32.DLL ModLoad: 76c20000 76caf000 C:\Windows\system32\OLEAUT32.dll ModLoad: 768d0000 76a6d000 C:\Windows\system32\SETUPAPI.dll ModLoad: 752a0000 752c7000 C:\Windows\system32\CFGMGR32.dll ModLoad: 75360000 75372000 C:\Windows\system32\DEVOBJ.dll ModLoad: 74600000 74609000 C:\Windows\system32\VERSION.dll ModLoad: 76f80000 77075000 C:\Windows\system32\WININET.dll ModLoad: 76450000 76587000 C:\Windows\system32\urlmon.dll ModLoad: 75180000 7529d000 C:\Windows\system32\CRYPT32.dll ModLoad: 75170000 7517c000 C:\Windows\system32\MSASN1.dll ModLoad: 76d80000 76f7e000 C:\Windows\system32\iertutil.dll ModLoad: 765a0000 765d5000 C:\Windows\system32\WS2_32.dll ModLoad: 778d0000 778d6000 C:\Windows\system32\NSI.dll ModLoad: 76b50000 76b6f000 C:\Windows\system32\IMM32.dll ModLoad: 76cb0000 76d7c000 C:\Windows\system32\MSCTF.dll ModLoad: 71fa0000 71fbc000 C:\Windows\system32\iphlpapi.dll ModLoad: 71f90000 71f97000 C:\Windows\system32\WINNSI.DLL (668.151c): Break instruction exception - code 80000003 (first chance) eax=00000000 ebx=00000000 ecx=0012fb08 edx=777d7094 esi=fffffffe edi=00000000 eip=7783054e esp=0012fb24 ebp=0012fb50 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll - ntdll!LdrVerifyImageMatchesChecksum+0x633: 7783054e cc int 3 0:000> g ModLoad: 73ef0000 73f30000 C:\Windows\system32\uxtheme.dll ModLoad: 75080000 7508c000 C:\Windows\system32\CRYPTBASE.dll ModLoad: 10000000 100d3000 C:\Program Files\GRETECH\GomPlayer\lang\GomENG.dll ModLoad: 75010000 7502b000 C:\Windows\system32\SspiCli.dll ModLoad: 75100000 7510b000 C:\Windows\system32\profapi.dll ModLoad: 74a30000 74a74000 C:\Windows\system32\dnsapi.DLL ModLoad: 73780000 737d2000 C:\Windows\system32\RASAPI32.dll ModLoad: 73760000 73775000 C:\Windows\system32\rasman.dll ModLoad: 73750000 7375d000 C:\Windows\system32\rtutils.dll ModLoad: 6f050000 6f056000 C:\Windows\system32\sensapi.dll ModLoad: 75400000 75483000 C:\Windows\system32\CLBCatQ.DLL ModLoad: 74bb0000 74bc6000 C:\Windows\system32\CRYPTSP.dll ModLoad: 74950000 7498b000 C:\Windows\system32\rsaenh.dll ModLoad: 750f0000 750fe000 C:\Windows\system32\RpcRtRemote.dll ModLoad: 01fb0000 0201a000 C:\Program Files\GRETECH\GomPlayer\GomTVStrm.dll ModLoad: 73b30000 73b69000 C:\Windows\system32\MMDevAPI.DLL ModLoad: 73f30000 74025000 C:\Windows\system32\PROPSYS.dll ModLoad: 6f020000 6f050000 C:\Windows\system32\wdmaud.drv ModLoad: 6f010000 6f014000 C:\Windows\system32\ksuser.dll ModLoad: 739d0000 739d7000 C:\Windows\system32\AVRT.dll ModLoad: 6f320000 6f356000 C:\Windows\system32\AUDIOSES.DLL ModLoad: 6d9b0000 6d9b8000 C:\Windows\system32\msacm32.drv ModLoad: 6d990000 6d9a4000 C:\Windows\system32\MSACM32.dll ModLoad: 6d980000 6d987000 C:\Windows\system32\midimap.dll ModLoad: 64630000 64c5f000 C:\Windows\system32\Macromed\Flash\Flash10v.ocx ModLoad: 72c20000 72c92000 C:\Windows\system32\DSOUND.dll ModLoad: 73b70000 73b95000 C:\Windows\system32\POWRPROF.dll ModLoad: 72040000 720b9000 C:\Windows\system32\mscms.dll ModLoad: 74760000 74777000 C:\Windows\system32\USERENV.dll ModLoad: 6e1a0000 6ec20000 C:\Windows\system32\ieframe.dll ModLoad: 778e0000 778e5000 C:\Windows\system32\PSAPI.DLL ModLoad: 73710000 7374c000 C:\Windows\system32\OLEACC.dll ModLoad: 6e1a0000 6ec20000 C:\Windows\system32\ieframe.dll ModLoad: 778e0000 778e5000 C:\Windows\system32\PSAPI.DLL ModLoad: 73710000 7374c000 C:\Windows\system32\OLEACC.dll ModLoad: 73b10000 73b23000 C:\Windows\system32\dwmapi.dll ModLoad: 73640000 73661000 C:\Windows\system32\ntmarta.dll ModLoad: 76200000 76245000 C:\Windows\system32\WLDAP32.dll ModLoad: 74ff0000 74ff8000 C:\Windows\system32\Secur32.dll ModLoad: 74880000 74888000 C:\Windows\system32\credssp.dll ModLoad: 749c0000 749fa000 C:\Windows\system32\schannel.DLL ModLoad: 734d0000 734e0000 C:\Windows\system32\NLAapi.dll ModLoad: 739c0000 739d0000 C:\Windows\system32\napinsp.dll ModLoad: 73990000 739a2000 C:\Windows\system32\pnrpnsp.dll ModLoad: 738f0000 738fd000 C:\Windows\system32\wshbth.dll ModLoad: 74b70000 74bac000 C:\Windows\System32\mswsock.dll ModLoad: 738e0000 738e8000 C:\Windows\System32\winrnr.dll ModLoad: 718d0000 71908000 C:\Windows\System32\fwpuclnt.dll ModLoad: 714b0000 714b6000 C:\Windows\system32\rasadhlp.dll ModLoad: 75490000 75493000 C:\Windows\system32\Normaliz.dll ModLoad: 75030000 7507c000 C:\Windows\system32\apphelp.dll ModLoad: 74690000 74695000 C:\Windows\System32\wshtcpip.dll ModLoad: 74b60000 74b66000 C:\Windows\System32\wship6.dll ModLoad: 6b140000 6b16e000 C:\Windows\system32\MLANG.dll ModLoad: 72390000 7294c000 C:\Windows\System32\mshtml.dll ModLoad: 70fe0000 7100a000 C:\Windows\System32\msls31.dll ModLoad: 72ec0000 72ecb000 C:\Windows\system32\ImgUtil.dll ModLoad: 6b9d0000 6ba82000 C:\Windows\system32\jscript.dll ModLoad: 72d70000 72d7e000 C:\Windows\System32\pngfilt.dll ModLoad: 72f80000 72f8b000 C:\Windows\system32\msimtf.dll ModLoad: 73670000 73675000 C:\Windows\system32\msimg32.dll ModLoad: 69340000 694b7000 C:\Windows\system32\quartz.dll ModLoad: 04700000 0472f000 C:\Program Files\GRETECH\GomPlayer\GRFU.ax ModLoad: 6a450000 6a613000 C:\Windows\system32\d3d9.dll ModLoad: 71360000 71366000 C:\Windows\system32\d3d8thk.dll ModLoad: 68dc0000 68ea7000 C:\Windows\system32\DDRAW.dll ModLoad: 712f0000 712f6000 C:\Windows\system32\DCIMAN32.dll ModLoad: 04c80000 04d11000 C:\Windows\system32\igdumdx32.dll ModLoad: 07e40000 08311000 C:\Windows\system32\igdumd32.dll ModLoad: 04c80000 04d11000 C:\Windows\system32\igdumdx32.dll ModLoad: 07e40000 08311000 C:\Windows\system32\igdumd32.dll ModLoad: 6c770000 6c788000 C:\Windows\system32\DXVA2.DLL ModLoad: 685c0000 68678000 C:\Program Files\GRETECH\GomPlayer\GVF.ax ModLoad: 0a340000 0a4ac000 C:\Program Files\GRETECH\GomPlayer\GAF.ax ModLoad: 04c80000 04d11000 C:\Windows\system32\igdumdx32.dll ModLoad: 07e40000 08311000 C:\Windows\system32\igdumd32.dll ModLoad: 04c80000 04d11000 C:\Windows\system32\igdumdx32.dll ModLoad: 07e40000 08311000 C:\Windows\system32\igdumd32.dll ModLoad: 6c770000 6c788000 C:\Windows\system32\DXVA2.DLL (668.151c): Stack overflow - code c00000fd (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=0075747c ebx=0085447a ecx=00032608 edx=0656002e esi=0012f650 edi=0656002c eip=00525cb7 esp=0012f600 ebp=0012f618 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210202 *** ERROR: Module load completed but symbols could not be loaded for GomU.exe GomU+0x125cb7: 00525cb7 8501 test dword ptr [ecx],eax ds:0023:00032608=00000000 Risk: ===== The security risk of the buffer overflow vulnerability is estimated as high(-). Credits: ======== Ucha Gobejishvili ( longrifle0x) Video Demonstration: http://www.youtube.com/watch?v=uN87KAm53Zg
|
|
|
[推荐]
[评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
|
|
|
|
推荐广告 |
|
|
|
|