
Can Emsisoft Anti-Malware protect against this? [Malicious Movie Subtitles]

A vulnerability in how video players load and parse subtitle files allows an attacker to execute code on a target's PC and effectively take over the device.

This vulnerability came to light today after security researchers from Israeli cyber-security firm Check Point published partial findings.

Researchers say that an attacker can craft malicious subtitle files that, when loaded inside one of the many vulnerable media players, execute code on the user's device.

In a YouTube video, Check Point researchers demoed the attack and showed how this previously unknown vulnerability grants an attacker full control over the affected computer.

Affected: VLC, Kodi, PopcornTime, and Stremio

According to Check Point security researchers, video players like VLC, Kodi, PopcornTime, and Stremio are vulnerable to this novel attack.

VLC and PopcornTime have already issued updates to address this flaw, while Kodi and Stremio are still working on patching the problem.

Researchers say that other video players that come with subtitles support are most likely vulnerable, but they haven't tested other applications.

Check Point has refrained from releasing proof-of-concept exploit code until other vendors are notified and have the chance to issue patches.

Vulnerability affects hundreds of millions of users

"We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerabilities reported in recent years," the Check Point Research Team says.

The vulnerability's reach is exacerbated by how users get most of their subtitles. Most of these files are hosted on subtitle repositories where anyone can upload a malicious file.

These portals rank subtitles based on popularity algorithms that an attacker can manipulate. By falsely improving the popularity of a malicious subtitle file, attackers can ensure that users download their file more often, or that streaming services such as Strem.io or PopcornTime pull the malicious subtitle before legitimate files.

Users are advised to use one of the updated video players, or not load any subtitles until they're sure they've updated to a safe version of their favorite player.


An exploit can be seen as a way to make sure malware ends up on a system undetected/unnoticed. However, this malware will still need to be executed, at which point Emsisoft's behavior blocker should intercept it. No proof-of-concept exploit has been released, so there is no way to test this, but in theory, yes, we should block any malware that tries to infect a computer this way.

  • Upvote 1