Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.5091 allows remote attackers to execute arbitrary code via a crafted AVI file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gomlab | gom_media_player | * |
Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gomlab | gom_media_player | * |
Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gomlab | gom_player | 2.0.11 |
| gomlab | gom_player | 2.1.15.4610 |
| gomlab | gom_player | 2.1.28.5039 |
| gomlab | gom_player | 2.0.6 |
| gomlab | gom_player | 2.1.6 |
| gomlab | gom_player | 2.1.39.5101 |
| gomlab | gom_player | 2.1.14.4525 |
| gomlab | gom_player | 2.1.25.5015 |
| gomlab | gom_player | 2.1.49.5139 |
| gomlab | gom_player | 2.0.9 |
| gomlab | gom_player | 2.1.9.3754 |
| gomlab | gom_player | 2.1.33.5071 |
| gomlab | gom_player | 2.1.9.3753 |
| gomlab | gom_player | 2.1.37.5085 |
| gomlab | gom_player | 2.1.3 |
| gomlab | gom_player | 2.1.21.4846 |
| gomlab | gom_player | 2.1.8 |
| gomlab | gom_player | 2.1.1 |
| gomlab | gom_player | * |
| gomlab | gom_player | 2.1.40.5106 |
| gomlab | gom_player | 2.1.2 |
| gomlab | gom_player | 2.1.17.4710 |
| gomlab | gom_player | 2.1.27.5031 |
| gomlab | gom_player | 2.0.12 |
| gomlab | gom_player | 2.1.47.5133 |
| gomlab | gom_player | 2.1.18.4762 |
| gomlab | gom_player | 2.1.16.4631 |
| gomlab | gom_player | 2.1.43.5119 |
Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gomlab | gom_player | 2.0.11 |
| gomlab | gom_player | 2.1.15.4610 |
| gomlab | gom_player | 2.1.28.5039 |
| gomlab | gom_player | 2.0.6 |
| gomlab | gom_player | 2.1.6 |
| gomlab | gom_player | 2.1.39.5101 |
| gomlab | gom_player | 2.1.14.4525 |
| gomlab | gom_player | 2.1.25.5015 |
| gomlab | gom_player | 2.1.49.5139 |
| gomlab | gom_player | 2.1.50.5145 |
| gomlab | gom_player | 2.0.9 |
| gomlab | gom_player | 2.1.9.3754 |
| gomlab | gom_player | 2.1.33.5071 |
| gomlab | gom_player | 2.1.9.3753 |
| gomlab | gom_player | 2.1.37.5085 |
| gomlab | gom_player | 2.1.3 |
| gomlab | gom_player | 2.1.21.4846 |
| gomlab | gom_player | 2.1.8 |
| gomlab | gom_player | 2.1.1 |
| gomlab | gom_player | * |
| gomlab | gom_player | 2.1.40.5106 |
| gomlab | gom_player | 2.1.2 |
| gomlab | gom_player | 2.1.17.4710 |
| gomlab | gom_player | 2.1.27.5031 |
| gomlab | gom_player | 2.0.12 |
| gomlab | gom_player | 2.1.47.5133 |
| gomlab | gom_player | 2.1.18.4762 |
| gomlab | gom_player | 2.1.16.4631 |
| gomlab | gom_player | 2.1.43.5119 |
Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gomlab | gom_player | * |
GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gomlab | gom_media_player | * |
Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gomlab | gom_player | * |
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gomlab | gom_player | 2.3.10.5266 |
GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gomlab | gom_player | 2.3.90.5360 |
GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gomlab | gom_player | 2.3.90.5360 |