GOM Player
cpe:2.3:a:gomlab:gom_player:*:*:*:*:*:*:*
- 2.3.90.5360
This vulnerability is being actively exploited in the wild.
A remote code execution vulnerability has been identified in GOM Player version 2.3.90.5360. This issue arises from the application's Internet Explorer component, which uses an insecure HTTP connection. Attackers can exploit this vulnerability through DNS spoofing, redirecting victims to a malicious URL shortcut that, when accessed, executes arbitrary code. The exploitation involves a WebDAV technique to run a reverse shell that interacts with an SMB server.
Exploitation of this vulnerability allows for remote code execution on the affected system.
The vulnerability can be reproduced by creating a malicious URL shortcut that points to a WebDAV resource hosted on an SMB server. This can be done by spoofing DNS to redirect the victim to the attacker's server. Once the victim opens GOM Player, the application will inadvertently execute the code hosted on the attacker's server, due to the insecure handling of HTTP connections in the Internet Explorer component.
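As an added defensive example (not part of the original advisory or of any vendor tooling), the sketch below triages Windows `.url` shortcut files for targets that resolve to a remote file share rather than a web page, which is the shortcut shape described above. The sample shortcuts, host names and verdict labels are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample shortcuts; host names and paths are placeholders.
SAMPLES = {
    "news.url": "[InternetShortcut]\nURL=https://www.example.com/news\n",
    "remote.url": "[InternetShortcut]\nURL=file://files.example.net/share/item\n",
    "unc.url": "[InternetShortcut]\nURL=\\\\files.example.net\\share\\item\n",
    "local.url": "[InternetShortcut]\nURL=file:///C:/Users/Public/readme.txt\n",
}


def classify(text):
    """Return a verdict label for a risky shortcut target, or None if benign."""
    # Interpolation is disabled because URLs routinely contain '%'.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:
        return "unparseable"  # malformed shortcut: worth a manual look
    target = parser.get("InternetShortcut", "URL", fallback="").strip()
    if target.startswith("\\\\"):
        return "unc-path"  # \\host\share\... is fetched over SMB or WebDAV
    parts = urlsplit(target)
    if parts.scheme == "file" and parts.hostname not in (None, "localhost"):
        return "remote-file-url"  # file://host/... also resolves to a remote share
    return None  # ordinary web link or local file


def scan(shortcuts):
    """Map shortcut name -> verdict for every flagged shortcut."""
    return {name: v for name, text in shortcuts.items() if (v := classify(text))}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name}: {verdict}")
```

Run against shortcut files collected from download folders or mail attachments, a flagged entry indicates a shortcut that would make the host reach out to a remote share when opened.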