Check Point Discovers Media Subtitle Vulnerability in VLCMay 23, 2017, 15:00 (0 Talkback[s])
(Other stories by Sean Michael Kerner)
VLC in particular is a widely used open-source media player that has over 170 million downloads on Windows alone. Media players are also widely used in smart TV platforms and other streaming media devices, with the total number of impacted devices estimated to be 200 million by Check Point.
In this attack the vulnerable media player loads a subtitle from a third party resource to provide a language translation for the user. According to Check Point, subtitles are treated as a trusted source by the media player and are often just text files, which are overlooked by common security tools including antivirus technologies.