[Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability 1. General Information GOM Player is a popular multimedia player supporting multiple media formats (avi, mpeg,?). In March 2009, Bkis has detected a vulnerability in this software. With this vulnerability, users might lose sensible information, have viruses installed or have their system taken control after playing a media file. We have submitted the report to vendor. Details : http://security.bkis.vn/?p=501 Bkis Advisory : Bkis-06-2009 Initial vendor notification : 03/20/2009 Release Date : 04/08/2009 Update Date : 04/08/2009 Discovered by : Bui Quang Minh - Bkis Attack Type : Buffer Overflow Security Rating : Critical Impact : Code Execution Affected Software : GOM Player 2.1.16.4613 (Prior version may be also affected) PoC : http://security.bkis.vn/wp-content/uploads/2009/04/gom_poc.pl 2. Technical Description Like other multimedia players, GOM Player supports displaying subtitles (srt, smi...) when playing multimedia files. The flaw is found in this function. Specifically, in the handling process, GOM Player use srt2smi.exe module to convert srt to smi format. However, this module has not handled well with a crafted srt file, leading to buffer overrun. To exploit this vulnerability, Hacker could craft a malicious srt file and a multimedia file. He then tricks users into playing it. Immediately after the file has been played, the malicious code will be executed. Especially, the exploit makes srt2smi.exe module fail but GOM Player still functions normally. 3. Solution The vendor hasn?t fixed this vulnerability yet. Therefore, Bkis recommends that users should check carefully srt files by using some editor to preview srt content.