Subtitle vulnerabilities attack allows for mass remote code execution

by Derek Kortepeter
Sept. 1, 2017 1 comment TechGenix vulnerabilities

Part of the job of a security researcher is to identify attacks that may not be in use currently, but can be leveraged for mass damage in the near future. Such is the case with a recent threat report from researchers at Check Point Software Technologies. The report in question details a “proof of concept” subtitle vulnerabilities attack” (aka an attack not found in the wild yet) that threatens roughly 200 million users of streaming platforms like VLC, Kodi (XBMC), Popcorn-Time and The attack in question is carried out by “a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player.” How this works is the threat actor may, as researchers did, send users to a malicious site that asks to download updates to subtitles. These updates in turn are malicious and can leverage the poor coding of the subtitle parsing implementation.

Steven Ulm 8 months ago

Pretty good methods and well explained! Thanks Derek!