CVE-2023-53875

8.8 HIGH

📋 TL;DR

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code on victim systems. Attackers can exploit this via DNS spoofing and malicious URL shortcuts to deliver reverse shells through SMB interactions. This affects users running the vulnerable version of GOM Player on Windows systems.

💻 Affected Systems

Products:
  • GOM Player
Versions: 2.3.90.5360
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Internet Explorer component integration which is present in default installation. Attack requires user interaction with malicious content.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control, data exfiltration, ransomware deployment, and lateral movement within the network.

🟠 Likely Case

Attacker executes malicious code to steal credentials, install backdoors, or deploy malware on individual user systems.

🟢 If Mitigated

Limited impact with proper network segmentation, endpoint protection, and user awareness preventing successful exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploit requires DNS spoofing capability and user interaction with malicious shortcut. WebDAV and SMB techniques are used for payload delivery.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor website for latest version

Vendor Advisory: https://www.gomlab.com/

Restart Required: Yes

Instructions:

1. Visit https://www.gomlab.com/
2. Download latest version of GOM Player
3. Uninstall current version
4. Install updated version
5. Restart system

🔧 Temporary Workarounds

Disable Internet Explorer Integration

Platform: Windows

Remove or disable the Internet Explorer component integration in GOM Player settings

Block SMB Outbound Connections

Platform: Windows

Use firewall rules to block outbound SMB connections from user workstations

New-NetFirewallRule -DisplayName "Block SMB Outbound" -Direction Outbound -Protocol TCP -RemotePort 445 -Action Block

🧯 If You Can't Patch

  • Uninstall GOM Player completely from affected systems
  • Implement network segmentation to isolate vulnerable systems and block SMB traffic

🔍 How to Verify

Check if Vulnerable:

Check GOM Player version in Help > About. If version is 2.3.90.5360, system is vulnerable.

Check Version:

Check Help > About in GOM Player interface or examine installed programs in Control Panel

Verify Fix Applied:

Verify GOM Player version is updated to a version later than 2.3.90.5360
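The version check above can be scripted for fleet-wide use. The following PowerShell is an added example, not part of the original advisory: it reads the registry Uninstall keys (per-machine and per-user hives), finds entries whose DisplayName contains "GOM Player", and compares the recorded DisplayVersion with the affected build. It assumes the installer writes a DisplayName containing "GOM Player" and a dotted DisplayVersion, which is typical for Windows installers but is not stated by the advisory; if the string cannot be parsed, the script reports UNKNOWN and the Help > About check should be done by hand.

```powershell
# Added example, not part of the original advisory: locate GOM Player through the
# registry Uninstall keys and compare the recorded DisplayVersion with the affected
# build from the advisory. Assumptions: the installer writes a DisplayName containing
# "GOM Player" and a dotted DisplayVersion; run in a PowerShell 5.1+ session on the
# workstation being checked.

$AffectedVersion = [version]'2.3.90.5360'    # version listed in the advisory

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-GomPlayerInstall {
    # Returns one object per matching Uninstall entry (per-machine and per-user hives).
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*GOM Player*' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation, PSPath
}

function Get-GomPlayerStatus {
    param([string]$DisplayVersion)
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return 'UNKNOWN'          # version string missing or not dotted; check Help > About by hand
    }
    if ($parsed -eq $AffectedVersion) { return 'VULNERABLE' }   # exactly the affected build
    if ($parsed -gt $AffectedVersion) { return 'PATCHED' }      # later than 2.3.90.5360
    # Older builds are not listed in the advisory; flag them for review rather than
    # assuming they are safe (assumption of this example, not a statement from the advisory).
    return 'OLDER_THAN_ADVISORY'
}

$installs = @(Get-GomPlayerInstall)
if ($installs.Count -eq 0) {
    Write-Output 'GOM Player not found in the registry Uninstall keys.'
}
foreach ($install in $installs) {
    $status = Get-GomPlayerStatus -DisplayVersion $install.DisplayVersion
    Write-Output ('{0} {1} -> {2}' -f $install.DisplayName, $install.DisplayVersion, $status)
}
```

Run it locally or push it through a management tool (for example as a script block over PowerShell remoting) and collect the one-line result per host; only PATCHED confirms the fix described under "Verify Fix Applied".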

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from GOM Player or Internet Explorer
  • SMB connection attempts from user workstations to unknown external IPs
  • WebDAV protocol usage from GOM Player processes

Network Indicators:

  • DNS requests for suspicious domains from GOM Player
  • Outbound SMB connections on port 445 from workstations
  • WebDAV traffic patterns

SIEM Query:

Network Connection where (Parent Process contains "gom" OR Process contains "iexplore") AND Destination Port = 445
