Gmote Windows Security Exploit, Minor Bugs And Feature Suggestions liamtr Sun Feb 05 07:01:05 2012
Firstly, i have to say that this is a truly awesome project. Well done guys... huge fan here! Please be aware that the version of VLC (0.9.6.99) used in the Windows package is vulnerable to security exploits (often full system access unfortunately). Older versions of VLC unfortunately are vulnerable to a range of exploits... see here: http://secunia.com/community/advisories/search/?search=vlc Mind you, successful exploitation when used with Gmote would likely require a user played a specially crafted AV file, which are unfortunately not all that uncommon on the various file sharing networks. So, successful exploitation it's certainly a reasonable possibility. However the good news is that simply replacing vlc.exe in "C:\Program Files\GmoteServer\bin\VLC\" with the latest version of VLC for Windows (18.104.22.168) seems to work just fine. I have been using Gmote with the latest version of VLC for a while and not encountered any issues at all. Also, i have found a couple of other issues (bugs to be precise) which i would like to report: 1. Gmote stops responding when a Windows UAC (User Account Control) prompt appears (in Windows 7 32 bit - not sure about Vista though) 2. Gmote also stops responding when a program which uses IE (Internet Explorer) frames is opened. For eg, the Secunia PSI program (http:// secunia.com/vulnerability_scanning/personal/) uses IE frames and Gmote stops responding until the Window is closed. Again this is with Windows 7 32 bit. Am not sure about other versions of Windows. I am not sure if there is some sort of updating feature in Gmote for Windows (as i haven't used it long enough for an update to be released), but if there isn't one, it would certainly be worthwhile including one in future releases. If exploits (especially) or bug fixes become available, it is important for users to be at least notified (unless they opt out via a settings/install option etc). Might i also suggest that you allow users to add individual personal websites (privately - not via "www.gmote.org/web" on your publicly available website) to be opened and controlled via Gmote? YouTube, Hulu, Ted etc are great, but users may also wish to add specific websites such as local TV stations (which will not work outside of specific IP ranges for copyright/distribution reasons and therefore are not applicable to be added for all users). There are about 20 specific sites i would like to add and control directly via Gmote, many of which are region specific to the country i live in. For now i just open a custom html page i put together in my browser. Anyway, despite relatively minor issues, Gmote is still most definitely a fantastic program. I love it! Keep up the good work! Regards, Liam -- You received this message because you are subscribed to the Google Groups "gmote users" group. To post to this group, send email to [EMAIL PROTECTED] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/gmote-users?hl=en.
- Gmote Windows Security Exploit, Minor Bugs And Feature Suggestions liamtr 2012/02/05 <=