The issue was addressed two days after security expert Ucha Gobejishvili reported the flaw

Mar 14, 2012 15:50 GMT

Gretech released GOM Player 2.1.39.5101 to address the vulnerabilities identified by Georgian security researcher Ucha Gobejishvili a couple of days ago.

The Vulnerability Lab expert made a proof-of-concept video to demonstrate how an attacker could locally or remotely exploit a security hole present in the popular media player.

He showed that by simply opening a cleverly crafted URL a cybercriminal could exploit the buffer overflow vulnerability and cause the application to crash.

Gobejishvili told us that he checked the new version of GOM Player for any signs of the flaw, and his tests revealed that the issue no longer exists. According to the expert, it took Gretech only two days from the moment he reported his findings to address the vulnerability and release a new variant of the application.

Buffer overflow vulnerabilities are common in commercial software but, like cross-site scripting (XSS) problems, they are highly dangerous.

These weaknesses can be triggered by inputs that are created to execute code or change the way the application functions.

While in some cases the results can be less problematic for the users’ safety, in other circumstances they can lead to information disclosure or even data destruction.

Customers of GOM Player are advised to upgrade their products to the 2.1.39.5101 variant to ensure that they are protected against potential attacks.

The update can be made directly from the application, by accessing the General tab within the Preferences menu, or by downloading GOM Player from the link provided below.

GOM Player 2.1.39.5101 is available for download here

Here is the video demonstration made by Ucha Gobejishvili to show the effects of the vulnerability: