CVE-2023-53875
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-15

Last updated on: 2025-12-18

Assigner: VulnCheck

Description
GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-15
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-15
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53875
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gomlab gom_player 2.3.90.5360
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53875 is a remote code execution vulnerability in GOM Player version 2.3.90.5360 caused by an insecure Internet Explorer component embedded in the player. Attackers exploit this by performing DNS spoofing to redirect victims to a malicious URL shortcut combined with a WebDAV technique. This allows the attacker to run arbitrary code remotely, including establishing a reverse shell via SMB server interaction, effectively taking control of the victim's system. [1, 2]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary code on your system remotely without requiring privileges but needing user interaction. Through DNS spoofing and malicious payload delivery, attackers can gain a reverse shell on your machine, potentially leading to full system compromise, data theft, or further network attacks. Given GOM Player's wide usage, this poses a significant security risk. [1, 2]

Detection Guidance

Detection of this vulnerability involves monitoring for suspicious DNS spoofing activity and unusual SMB server interactions related to GOM Player. Network administrators can look for DNS requests redirected to unauthorized IP addresses, especially for the domain 'playinfo.gomlab.com'. Additionally, monitoring for unexpected SMB connections or WebDAV traffic originating from systems running GOM Player 2.3.90.5360 may indicate exploitation attempts. Specific commands to assist detection include: 1) Using 'tcpdump' or 'Wireshark' to capture and analyze DNS traffic for spoofing signs, e.g., 'tcpdump -i <interface> port 53'. 2) Checking SMB connections with 'netstat -an | findstr 445' on Windows to identify unusual SMB sessions. 3) Using 'arp -a' to detect ARP spoofing. 4) Employing DNS spoof detection tools like 'dnsspoof' in monitoring mode. These steps help identify the attack chain involving DNS spoofing and SMB server interaction as described in the exploit. [2]

Mitigation Strategies

Immediate mitigation steps include: 1) Updating or patching GOM Player to a version that addresses this vulnerability, if available. 2) Restricting or blocking network traffic related to SMB (port 445) and WebDAV protocols from untrusted sources to prevent exploitation. 3) Implementing DNS security measures such as DNSSEC to prevent DNS spoofing attacks. 4) Monitoring and blocking suspicious DNS and ARP spoofing activities on the network. 5) Educating users to avoid opening suspicious URL shortcuts or files, especially those that may trigger the vulnerable IE component within GOM Player. 6) Considering disabling or restricting the use of the Internet Explorer component within GOM Player if possible. These steps reduce the risk of exploitation via the described attack chain involving DNS spoofing, malicious URL shortcuts, and SMB server interaction. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53875. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart