Not sure where else to post this, so forgive if I have it in the wrong place.
Have any of the recent versions (21/22/23) of MC been tested to see if they suffer from the recently discovered subtitle vulnerability?
This is an extremely dangerous vulnerability that allows remote code execution and complete takeover of a PC immediately after loading a specially formed subtitle file (in SRT and other formats). If you're not familiar, do a google search for "subtitle vulnerability".
VLC has already been patched.
MC may not be vulnerable, but should be tested and if it is this needs to be addressed asap. Also, I would contend, in previous versions (even though I know JRiver doesn't like to develop for past versions) due to the seriousness of it.
Both the internal player and MadVR might possibly be vectors for this.
I hadn't see this mentioned here so I wanted to bring it to JRiver's attention.
Thanks!