Short Name |
HTTP:STC:ACTIVEX:GOMPLAYER |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Gretech GOM Player Unsafe ActiveX Control |
Release Date |
2008/09/22 |
Update Number |
1291 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the Gretech GOM Player ActiveX Control. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the browser user.
GOM Player is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. This issue affects GOM Player 2.1.6.3499; other versions may also be vulnerable.