Loading...

gmote-users@googlegroups.com

[Prev] Thread [Next]  |  [Prev] Date [Next]

Gmote Windows Security Exploit, Minor Bugs And Feature Suggestions liamtr Sun Feb 05 07:01:05 2012

Firstly, i have to say that this is a truly awesome project. Well done
guys... huge fan here!

Please be aware that the version of VLC (0.9.6.99) used in the Windows
package is vulnerable to security exploits (often full system access
unfortunately). Older versions of VLC unfortunately are vulnerable to
a range of exploits... see here: 
http://secunia.com/community/advisories/search/?search=vlc

Mind you, successful exploitation when used with Gmote would likely
require a user played a specially crafted AV file, which are
unfortunately not all that uncommon on the various file sharing
networks. So, successful exploitation it's certainly a reasonable
possibility.

However the good news is that simply replacing vlc.exe in "C:\Program
Files\GmoteServer\bin\VLC\" with the latest version of VLC for Windows
(1.1.11.0) seems to work just fine. I have been using Gmote with the
latest version of VLC for a while and not encountered any issues at
all.

Also, i have found a couple of other issues (bugs to be precise) which
i would like to report:
1. Gmote stops responding when a Windows UAC (User Account Control)
prompt appears (in Windows 7 32 bit - not sure about Vista though)
2. Gmote also stops responding when a program which uses IE (Internet
Explorer) frames is opened. For eg, the Secunia PSI program (http://
secunia.com/vulnerability_scanning/personal/) uses IE frames and Gmote
stops responding until the Window is closed. Again this is with
Windows 7 32 bit. Am not sure about other versions of Windows.

I am not sure if there is some sort of updating feature in Gmote for
Windows (as i haven't used it long enough for an update to be
released), but if there isn't one, it would certainly be worthwhile
including one in future releases. If exploits (especially) or bug
fixes become available, it is important for users to be at least
notified (unless they opt out via a settings/install option etc).

Might i also suggest that you allow users to add individual personal
websites (privately - not via "www.gmote.org/web" on your publicly
available website) to be opened and controlled via Gmote? YouTube,
Hulu, Ted etc are great, but users may also wish to add specific
websites such as local TV stations (which will not work outside of
specific IP ranges for copyright/distribution reasons and therefore
are not applicable to be added for all users).
There are about 20 specific sites i would like to add and control
directly via Gmote, many of which are region specific to the country i
live in. For now i just open a custom html page i put together in my
browser.


Anyway, despite relatively minor issues, Gmote is still most
definitely a fantastic program. I love it! Keep up the good work!

Regards,

Liam

-- 
You received this message because you are subscribed to the Google Groups 
"gmote users" group.
To post to this group, send email to [EMAIL PROTECTED]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/gmote-users?hl=en.