Video Players Vulnerable to Subtitle Exploit
Researchers at Check Point have discovered a vulnerability in multiple video players that could allow a threat actor to execute code and take control of an affected system. The vulnerability exists in the way the video players load and parse subtitle files; a threat actor could create malicious subtitle files that, when loaded into the video player, execute code on the system. Many internet users download subtitle files from online repositories; threat actors can upload malicious files to these repositories and manipulate their popularity to convince users to download their file over others. VLC, Kodi, PopcornTime, and Strem.io video players are all vulnerable, though other players with subtitle support are likely vulnerable as well. VLC and PopcornTime have released patches to address the vulnerability; Kodi and Strem.io are still developing their patches. The NJCCIC recommends VLC and PopcornTime users apply the available patches. Kodi and Strem.io users are encouraged to monitor the vendors' websites and apply a patch once it becomes available. In the meantime, we recommend users refrain from downloading subtitle files until their video player is patched.