A vulnerability in how video players load and parse subtitle files allows an attacker to execute code on a target's PC and effectively take over the device. This vulnerability came to light today after security researchers from Israeli cyber-security firm Check Point published partial findings.
Researchers say that an attacker can craft malicious subtitle files that when loaded inside one of the many vulnerable media players, it executes code on the user's device.
In a YouTube video, Check Point researchers demoed the attack and showed how this previously unknown vulnerability grants an attacker full control over the affected computer.
Демонстрация уязвимости — https://www.youtube.com/watch?v=vYT_EGty_6A
Подвержены уязвимости: VLC, Kodi, PopcornTime, Stremio