Home

Description

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.

PUBLISHED Reserved 2025-12-13 | Published 2025-12-15 | Updated 2025-12-15 | Assigner VulnCheck




HIGH: 7.5CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Cleartext Transmission of Sensitive Information

Product status

2.3.90.5360
affected

Credits

M. Akil Gündoğan finder

References

www.exploit-db.com/exploits/51719 exploit

www.exploit-db.com/exploits/51719 (ExploitDB-51719) exploit

www.gomlab.com/ (GOM Lab Vendor Webpage) technical-description

www.vulncheck.com/...ode-execution-via-insecure-ie-component (VulnCheck Advisory: GOM Player 2.3.90.5360 Remote Code Execution via Insecure IE Component) third-party-advisory

cve.org (CVE-2023-53875)

nvd.nist.gov (CVE-2023-53875)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.