Cyber Posture

CVE-2023-53875

High · Public PoC

Published: 15 December 2025

Modified: 18 December 2025
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0036 (57.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly remediates the RCE vulnerability in GOM Player's IE component by requiring timely patching or updates to eliminate the flaw.

prevent

Mitigates DNS spoofing attacks by enforcing secure DNS resolution with validation on caching resolvers, preventing redirection to malicious URLs.

prevent · detect

Deploys malicious code protection mechanisms to scan for and block exploit payloads, reverse shells, or arbitrary code execution triggered via the IE component.

Security Summary · AI

CVE-2023-53875 is a remote code execution vulnerability in GOM Player version 2.3.90.5360, specifically within its Internet Explorer component. The flaw enables attackers to execute arbitrary code through DNS spoofing. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is mapped to CWE-319.

Remote attackers without privileges can exploit the vulnerability by redirecting victims to a malicious URL shortcut combined with a WebDAV technique. This interaction triggers a reverse shell execution involving SMB server communication, with high impact on the confidentiality, integrity, and availability of the victim's system, provided the user interacts with the crafted content.

References include a proof-of-concept exploit at https://www.exploit-db.com/exploits/51719, the vendor site at https://www.gomlab.com/, and a VulnCheck advisory at https://www.vulncheck.com/advisories/gom-player-remote-code-execution-via-insecure-ie-component, though specific patch or mitigation guidance is not detailed in the available information.

Details

CWE(s)

Affected Products

Vendor: gomlab
Product: gom player
Version: 2.3.90.5360

MITRE ATT&CK Enterprise Techniques · AI

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability is a remote code execution flaw in GOM Player's Internet Explorer component, exploited via malicious URL shortcut and WebDAV for arbitrary code execution with user interaction, directly enabling Exploitation for Client Execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References