DivX Player Subtitle Parsing Buffer Overflow Vulnerability - Secunia Advisory:SA29780

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: DivX for Windows 6.x, DivX Player 6.x

Description:
securfrog has discovered a vulnerability in DivX Player, which can potentially be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the processing of subtitles. This can be exploited to cause a stack-based buffer overflow via an overly long subtitle line contained in a malicious SRT file.
Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into opening a specially crafted SRT file.
The vulnerability is confirmed in DivX Player 6.7 (build 6.7.0.22). Other versions may also be affected.

I haven't installed the Player, only the DivX Codec and Web Player, but my version is the rather old 6.2.5. (sweat)
I just checked, and 6.8 is out.
I'll register it in Hatena Antenna and wait and see for a while.
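
Since the advisory lists the issue as unpatched and the trigger as an overly long subtitle line in an SRT file, one interim check is to screen SRT files before opening them. The following is an added example, not part of the advisory or the original post; the 512-byte limit, the function names and the sample inputs are assumptions, because the advisory does not state the size of the affected buffer.

```python
import re

# Assumed policy limit: the advisory does not give the affected buffer size,
# so this is a conservative cut-off for human-readable subtitle text.
MAX_LINE_BYTES = 512

# SRT timing line, e.g. "00:00:01,000 --> 00:00:04,000"
TIMING = re.compile(rb"^\d{1,2}:\d{2}:\d{2}[,.]\d{1,3}\s*-->\s*\d{1,2}:\d{2}:\d{2}[,.]\d{1,3}")

# Constructed sample inputs (not taken from any real file).
BENIGN = (b"1\r\n00:00:01,000 --> 00:00:04,000\r\nHello there.\r\n\r\n"
          b"2\r\n00:00:05,000 --> 00:00:07,500\r\nSecond line.\r\n")
OVERSIZED = b"1\n00:00:01,000 --> 00:00:04,000\n" + b"x" * 4096 + b"\n"

def find_long_subtitle_lines(data: bytes, limit: int = MAX_LINE_BYTES):
    """Return [(line_number, byte_length, kind)] for every line over `limit`.

    Lengths are measured on the raw bytes, before any decoding, because
    that is what a native parser copies into its buffer. Every line is
    checked, not only cue text, so stray data outside a cue is caught too.
    """
    findings = []
    in_cue = False
    # Split on LF and strip a trailing CR so CRLF and LF files both work.
    for number, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if not line.strip():
            in_cue, kind = False, "blank"
        elif TIMING.match(line):
            in_cue, kind = True, "timing"
        elif in_cue:
            kind = "text"
        else:
            kind = "index"  # cue counter or data outside a cue
        if len(line) > limit:
            findings.append((number, len(line), kind))
    return findings

def is_safe_to_open(data: bytes, limit: int = MAX_LINE_BYTES) -> bool:
    """True when no line in the SRT data exceeds the limit."""
    return not find_long_subtitle_lines(data, limit)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, is_safe_to_open(sample), find_long_subtitle_lines(sample))
```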