A recently discovered proof-of-concept attack takes advantage of popular media players to execute code remotely and ultimately compromise computers.
Security experts at Check Point discovered the new attack vector, in which cybercriminals craft malicious subtitle files that are downloaded by a victim’s media player, according to a Check Point blog post.
In one attack scenario, victims play videos that are pre-programmed to automatically download a malicious subtitle file from an online repository, according to Threatpost.
“These subtitle repositories are, in practice, treated as a trusted source by the user or media player,” according to Check Point. “Attackers have been manipulating the repositories to award their malicious subtitles a high score, which then results in the subtitles being served to the user.”
Check Point believes that poor coding of the subtitle parsing implementation is the cause of the bug.
Popular video players such as VLC Media Player, Kodi, Stremio, and Popcorn Time are impacted by the vulnerability, which Check Point says leaves “millions of users exposed to this risk.”