Vulners
Lucene search
GOM Player 2.3.10.5266 - .fpx Denial of Service Exploit
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2017-5881 | 15 Feb 201700:00 | – | circl |
 | GOM Player '.fpx' File Denial of Service Vulnerability | 22 Feb 201700:00 | – | cnvd |
 | CVE-2017-5881 | 21 Feb 201707:46 | – | cve |
 | CVE-2017-5881 | 21 Feb 201707:46 | – | cvelist |
 | GOM Player 2.3.10.5266 - '.fpx' Denial of Service | 15 Feb 201700:00 | – | exploitdb |
 | EUVD-2017-14956 | 7 Oct 202500:30 | – | euvd |
 | GOM Player 2.3.10.5266 - .fpx Denial of Service | 15 Feb 201700:00 | – | exploitpack |
 | CVE-2017-5881 | 21 Feb 201707:59 | – | nvd |
 | Memory corruption | 21 Feb 201707:59 | – | prion |
# Exploit Title: GOM Player 2.3.10.5266 - Remote heap corruption (.fpx)
# Date: 2017-02-15
# Exploit Author: Peter Baris
# Exploit link: http://www.saptech-erp.com.au/resources/PoC.zip
# Software Link: http://player.gomlab.com/download.gom?language=eng
# CVE: CVE-2017-5881
# Version: 2.3.10.5266
# Tested on: Windows Server 2008 R2 x64, Windows 7 SP1 x64
POC:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/41367.zip
Open the malicious fpx file with CTRL+U, served by a webserver:
WinDbg
(864.150): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=092fcde8 ebx=00000000 ecx=41414141 edx=090ff798 esi=090ff790
edi=05b10000
eip=77902fe5 esp=10a9fbb4 ebp=10a9fc94 iopl=0 nv up ei ng nz na pe
cy
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b
efl=00010287
ntdll!RtlpFreeHeap+0x4d6:
77902fe5 8b19 mov ebx,dword ptr [ecx]
ds:002b:41414141=????????
0:022> !exchain
10a9fc84: ntdll!_except_handler4+0 (77946325)
CRT scope 0, func: ntdll!RtlpFreeHeap+b7d (7795b52d)
10a9fd54: *** WARNING: Unable to verify checksum for C:\Program Files
(x86)\GRETECH\GomPlayer\gvf.ax
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files (x86)\GRETECH\GomPlayer\gvf.ax -
gvf!DllGetClassObject+5801b (6e02bc7b)
10a9fdcc: gvf!DllGetClassObject+57af8 (6e02b758)
10a9fe00: gvf!DllGetClassObject+57ac8 (6e02b728)
10a9fe84: gvf!DllGetClassObject+57fe0 (6e02bc40)
10a9feac: gvf!DllGetClassObject+5d5e8 (6e031248)
10a9ff60: ntdll!_except_handler4+0 (77946325)
CRT scope 0, filter: ntdll!__RtlUserThreadStart+2e (77946608)
func: ntdll!__RtlUserThreadStart+63 (77948227)
10a9ff80: ntdll!FinalExceptionHandler+0 (779983b1)
Invalid exception stack at ffffffff
2017-02-04 notification sent to developers
2017-02-05 developerss requested information about the issue
2017-02-09 information sent with the PoC
no reply if they plan to release a fix or not
# 0day.today [2018-01-08] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Feb 2017 00:00Current
7.6High risk
Vulners AI Score7.6
EPSS0.08157