Signature Detail
Short Name |
HTTP:STC:ACTIVEX:GOMPLAYER |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Gretech GOM Player Unsafe ActiveX Control |
Release Date |
2008/09/22 |
Update Number |
1291 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Gretech GOM Player Unsafe ActiveX Control
This signature detects attempts to exploit a known vulnerability in the Gretech GOM Player ActiveX Control. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the browser user.
Extended Description
GOM Player is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. This issue affects GOM Player 2.1.6.3499; other versions may also be vulnerable.
Affected Products
- Gretech GOM Player 2.1.6 3499
References
- BugTraq: 26236
- CVE: CVE-2007-5779