PT-2007-6746 · Gretech · Gom Player+1
Rgod
·
Publicado
2007-11-01
·
Atualizado
2017-09-29
·
CVE-2007-5779
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GOM Player version 2.1.6.3499
GomWeb3.dll version 1.0.0.12
Description
The issue is related to a buffer overflow in the GomManager ActiveX control. This can be exploited by remote attackers to execute arbitrary code via a long argument to the
OpenUrl method.Recommendations
For GOM Player version 2.1.6.3499, consider disabling the GomManager ActiveX control until a patch is available.
For GomWeb3.dll version 1.0.0.12, restrict access to the
OpenUrl method to minimize the risk of exploitation.Exploit
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gom Player
Gomweb3.Dll