Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: MPlayer -- End of Life

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
Italia MPlayer -- End of Life
Member 26th Dec, 2010 23:39
Ranking: 1
Posts: 11
User Since: 21st Apr, 2010
System Score: 98%
Location: CA
I have read all the threads about the EOL of MPlayer 0.x, and the suggestion by Secunia to replace it with v1.x.

I'm experiencing the same EOL of MPlayer as the third party resource in SoThink's latest paid-version (v2.0 build 2-4) of their Web Video Downkloader. After referring SoThink to some of the threads on the subject in this forum -- including Secunia's graphic from the Quick Facts on MPlayer 0.x, their reply is as follows:

"Thanks for your reply and the detailed information provided!

After checking we found that the report from Secunia is false alarm, and you could ignore it.

Thanks for your support!

If you need further assistance, feel free to let us know.

Best wishes for a wonderful new year!"

I'm not comfortable with their response. So far, I un-installed the SoThink WVD with Revo Uninstaller, downloaded another copy from their website, reinstalled it, but still get the same EOL message.

Would you suggest I remove WVD from my system until SoThink upgrade their third-party MPlayer application?

thedillpickl RE: MPlayer -- End of Life
Contributor 27th Dec, 2010 05:03
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi Italia;

A bit hard to follow who said what to whom about what & where. Obviously you've done a lot of research on this forum concerning the MPlayer EOL.

You also say the WVD has the MPlayer as a 3rd party resourse and is showing EOL as part of that program as well.

If I understand you correctly, you sent information to SoThink from this forum and Secunia reports. You report that SoThink said that Secunia information is a "false alarm".

When I look in the Secunia Advisory under Sothink, the only vulnerability report I see is for Sothink SWF Decompiler 6.x , the total listing for all Sothink products is here: http://secunia.com/advisories/search/?search=SoThi...

Is the WVD you are having problems with called Sothink FLV Player 2.x ? If so, Secunia has this to say: http://secunia.com/advisories/product/16131/ In which the statement, "There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..". So if your version is fully patched it should be secure.

If the MPlayer that is EOL is some type of add on to the .flv player, it's use should be discontinued, it should be removed and replaced with the new, supported version you describe.


Regards;

Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+3
-0
Italia RE: MPlayer -- End of Life
Member 27th Dec, 2010 18:33
Score: 1
Posts: 11
User Since: 21st Apr 2010
System Score: 98%
Location: CA
You have understood me correctly. After point Sothink to the different advisories, and threads in the Secunia forum, and after sending them the actual message from Secunia on MPlayer, they replied to say it's "false alarm" from Secunia.

The Sothink application in question is their Web Video Downloader Stand Alone v2.0 -- http://www.sothinkmedia.com/web-video-downloader/ It's installed in C:\Program Files (x86)\SoThink Web Video Downloader Stand Alone\Encoder\MPlayer.exe.

The version of MPlayer.exe in question is v0.29851 found in WVD v2.0. Secunia recommend that the mplayer.exe should be upgraded to v1.x. In my opinion, Sothink is therefore responsible for carrying out this upgrade, especially when WVD is a paid-for version.

When I brought this their attention, and their response was Secunia's information is a "false alarm."

I'm considering uninstalling and replacing SoThink WVD.
Was this reply relevant?
+0
-0
thedillpickl RE: MPlayer -- End of Life
Contributor 28th Dec, 2010 03:18
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi Italia;

In the link you provide, Sothink says no 'add-ons' so MPlayer is embedded in the WVD. This means that Sothink has to update the MPlayer in WVD. Until they do that, there is a vulnerability. Other manufactures do this sort of thing with Flash and Java. They fix the problem when they feel it is necessary.

> Sothink's on-line manual had no info on MPlayer or listing of WVD specs.
> Sothink forum had 3 unrelated posts for MPlayer. http://www.sothinkmedia.com/phpBB2/search.php?keyw...

I would say that MPlayer is a non-issue for Sothink. You did contact their support and were told there is no problem. You can contact Secunia at support@secunia.com and ask if MPlayer update applies to the WVD, but from what you've said, I'm sure it does.

If you discontinue use of Sothink's WVD, I would recommend asking for a refund.


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+1
-0
Italia RE: MPlayer -- End of Life
Member 28th Dec, 2010 16:18
Score: 1
Posts: 11
User Since: 21st Apr 2010
System Score: 98%
Location: CA
Thanks. I'll take your advise. After all, there are other downloaders of web-video apps around as free plugins. In any case I'll use them with caution.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability