INTERACT FORUM

More => Old Versions => JRiver Media Center 23 for Windows => Topic started by: wer on May 24, 2017, 08:06:19 pm

Title: Subtitle Vulnerability
Post by: wer on May 24, 2017, 08:06:19 pm

Not sure where else to post this, so forgive if I have it in the wrong place.

Have any of the recent versions (21/22/23) of MC been tested to see if they suffer from the recently discovered subtitle vulnerability?

This is an extremely dangerous vulnerability that allows remote code execution and complete takeover of a PC immediately after loading a specially formed subtitle file (in SRT and other formats).  If you're not familiar, do a google search for "subtitle vulnerability".

VLC has already been patched.

MC may not be vulnerable, but should be tested and if it is this needs to be addressed asap.  Also, I would contend, in previous versions (even though I know JRiver doesn't like to develop for past versions) due to the seriousness of it.

Both the internal player and MadVR might possibly be vectors for this.

I hadn't see this mentioned here so I wanted to bring it to JRiver's attention.

Thanks!

Title: Re: Subtitle Vulnerability
Post by: ferday on May 24, 2017, 08:54:28 pm

already dealt with

https://yabb.jriver.com/interact/index.php/topic,110753.0.html