Bugtraq is reporting a buffer overflow in an old version of Media Center. They are "not aware of any vendor-supplied patches for this issue", but I don't know why they would post something now on such an old version. Does anyone here know if the current version resolves these issues? There is a perl exploit posted, but it is not clear how an attacker would actually get you to execute the code. Doesn't look like much to worry about, but I was so surprised to see JRiver on the "Weekly Comprehensive List of Newly Discovered Vulnerabilities" - not really a list you want to be on, although you're always in good company there.
http://www.securityfocus.com/bid/19853Bugtraq ID: 19853
"J River Media Center Mediacenter.EXE Buffer Overflow Vulnerability
Media Center and various Media Center plugins are prone to a buffer-overflow vulnerability.
This issue occurs because the application fails to bounds-check data before copying it into a finite-sized buffer.
This issue allows remote attackers to cause the application to crash, denying service to the legitimate user. Arbitrary code execution may be possible, but this has not been confirmed.
Version 11.0.309 is vulnerable to this issue; other versions may also be affected."
Author
Topic: Buffer overflow? (Read 2008 times)