Buffer overflow in Gomlab Gom_player

CVE-2011-5162

Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression.

Vulnerability class: Buffer Overflow

EPSS: 0.508 (97.9th percentile) — read the EPSS interpretation.

Affected products

Gomlab Gom_player — versions 2.1.33.5071
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

47009 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
gom-asx-bo(71575) (vdb-entry, x_refsource_XF)
18174 (exploit, x_refsource_EXPLOIT-DB)
33080 (x_refsource_OSVDB, vdb-entry)