Input validation error in Gretech GOM Player
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2013-5716 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
GOM Player Client/Desktop applications / Multimedia software |
| Vendor | Gretech Corp. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU42595
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2013-5716
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.
MitigationInstall update from vendor's website.
Vulnerable software versionsGOM Player: 2.0.6 - 2.1.50.5145
CPE2.3- cpe:2.3:a:gretech_corp:gom_player:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gretech_corp:gom_player:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:gretech_corp:gom_player:2.0.11:*:*:*:*:*:*:*
http://www.exploit-db.com/exploits/28080
http://www.securityfocus.com/bid/62173
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
