Turn off your subtitles

[jachin99]

Someone is spreading malware through subtitles. I had a thought the other day about how do I really know I can trust the metadata being downloaded from the internet? Don't get me wrong, I'm still going to do it but this at least made me think I should look into the various sources of information that metadata providers get their information from. The good news for us is that the site doesn't list WMC as an effected program.

http://blog.checkpoint.com/2017/05/23/h ... anslation/

[Crash2009]

As I recall, my subtitles turn on when I mute the sound. Must be somewhere to disable them if you chose to.

[mcewinter]

I'm pretty sure the players affected actually download the subtitles which excludes MC since they're sourced locally.

[Space]

As I recall, my subtitles turn on when I mute the sound. Must be somewhere to disable them if you chose to.

Subtitles are not the same as Closed Captions. Closed Captions would probably not be affected by this, unless hackers somehow break in to the cable company or network and mess with them in the source video. And even if they could do that, Closed Captions are more simple than subtitles and probably would not have the more complicated coding that makes these exploits possible (although the use of common code may still makes them vulnerable).

This exploit is primarily with subtitles that are downloaded from third party websites, since usually anyone can upload subtitles for any show to those sites (and you end up downloading those subtitle either manually or automatically for use with your ripped/downloaded videos). If someone with malicious intent uploads a specially crafted subtitle file to one of those sites, and you download it and use it, that is where your system can be compromised.

Just because WMC was not mentioned does not mean it is not vulnerable to this. But it doesn't mean it is either... People don't usually spend time testing for vulnerabilities in "abandoned" software such as WMC.