Gom Player 2.3.92.5362 DLL Hijacking

2024.01.14

Credit: Yehia Elghaly

Risk: High

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: Gom Player 2.3.92.5362 - nvcuda.dll DLL Hijacking
# Date: 2023-01-03
# Exploit Author: Yehia Elghaly (Mrvar0x)
# Vendor Homepage: https://www.mrvar0x.com/
# Version: 2.3.92.5362
# Tested on: Windows 7, Windows 10
A DLL hijacking vulnerability has been discovered Gom Player 2.3.92.5362. When a user loads the application it will try to load nvcuda.dll missing DLL from the same directory. Using a crafted DLL from MSFVENOM, it is possible to execute arbitrary code in the context of the current logged in user.
Gom Player 2.3.92.5362 can also load any malicious DLL with any given name from any directory wihtout proper checking the loaded DLL for example. Open Gom Player -- Settings -- Filter/Codec -- Render Filter -- Advanced rendering method -- Add- Browse -- Then loaded lol.dll which is generated by MSFVENOM and it will execute a reverse shell

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Gom Player 2.3.92.5362 DLL Hijacking

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.