
>Doesn't need to be an .exe >just the text file


Thread replies: 50
Thread images: 4

>Doesn't need to be an .exe

>just the text file

>Antivirus cannot scan it
>>
>>60592587
Hola, reddit.
>>
>no source other than some retarded headline
>>
>>60592615
why would i post source you nigger, I thought you faggots didn't like giving clicks
>>
>>60592587
>le anti-piracy shilling

go away, redditor.
>>
>>60592615
post it on archive and then post the link, nigger
>>
>>60592619

>I like reading books but I hate buying them from the book store
>sends a book cover
>I can't read this, this is just a cover
>Wtf anon I thought you didn't like buying books

Pastebin the actual article content, you fucking troglodyte.
>>
>not watching raws
>>
>>60592619
>why would I post source you nigger
>>
It is true but it is only in shitty torrent stream apps like popcorn time that don't use srt.
>>
Subtitle files are parsed by the players, and can execute remarkably complex visual effects.
It's not entirely surprising that this is possible, nor that it was overlooked.
>>
already fixed with Kodi 17.3 don't forget to update
probably libreelec release is on the way too but can't say anything about openelec fags
>>
>>60592587
> He doesn't learn the native language of a video

Fucking plebs
>>
>>60593636
Also VLC 2.2.5.1. It's an exploit in an ancient Amiga subtitle format (JACOsub), which can be embedded only in Ogg containers, but not MKV or MP4.
https://matroska.org/technical/specs/codecid/index.html
Watch out for rogue .jss subtitle files.
>>
>>60593636
Nevermind, LibreElec updated it just today
no update on Openelec tho
>>
>>60593438

what the fuck, so srt files can fuck my computer up now?
>>
>>60592587
Windows on its own has like 50 different executable file types, fonts and their ilk have been repeat offenders over the decades too.
>>
>>60592619
Either archive link or pastebin
>>
>>60593636
>>60593703
>update
>mfw Media Player Classic
>>
>>60593877
SubRip files for example can contain simple, unstandardized HTML-like formatting codes. If you fuck up parsing those correctly, you can take over a media player.
https://en.wikipedia.org/wiki/SubRip#Formatting

>>60594149
MPC doesn't even support that format, you're fine.
//Subtitles Format: 0=all, 1=MicroDVD, 2=SAMI, 3=SSA, 4=SubRip, 5=SubViewer 2.0, 6=SubViewer, 7=MPSub, 8=Advanced SSA, 9=DVDSubtitle, 10=TMPlayer, 11=MPlayer2
>>
mpv doesn't have this problem
>>
>>60594692
does mpv even have a subtitle parser?
>>
>>60594700
RTFM
https://mpv.io/manual/master/
>>
>>60594700
yes you stupid nigger
>>
>>60592587
>viruses hidden in subtitles
But there's no virus in the subtitles. It's just a fuckup in the parsing that allows commands to be executed on the system which is used to initiate an RPC in the demonstrations.
>>
>>60594758
>But there's no virus in the subtitles
you're being a stupid nigger right now.
the virus is a payload inside the subtitle file
>>
>>60592587
This affects vlc when parsing font tags on srt.
It tries to find the corresponding > without checking for the end of the string.

I don't know how they go from this to remote code execution, but that's all that's been patched on vlc 2.2.5.
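Added example, not part of the thread and not VLC's code: the bug pattern the post above describes (searching for the closing `>` with no check for the end of the string) next to a bounded version. The function names and the `strip_tags` helper are hypothetical, and the sample lines are constructed.

```c
#include <stdio.h>

/* Bug pattern from the post: scan for '>' with no check for the NUL
 * terminator, so "<font color=" sends the loop past the buffer.
 * Kept for contrast; only safe on input that does contain '>'. */
const char *find_tag_end_unchecked(const char *p) {
    while (*p != '>')
        p++;
    return p;
}

/* Bounded version: stops at the terminator and reports failure. */
const char *find_tag_end_checked(const char *p) {
    while (*p != '\0' && *p != '>')
        p++;
    return *p == '>' ? p : NULL;
}

/* Hypothetical helper: copy one subtitle line into out, dropping <...>
 * tags. An unterminated tag is kept as literal text rather than scanned
 * past the end. Returns the number of bytes written (excluding NUL). */
size_t strip_tags(const char *in, char *out, size_t outsz) {
    size_t n = 0;
    if (outsz == 0)
        return 0;
    while (*in != '\0' && n + 1 < outsz) {
        if (*in == '<') {
            const char *end = find_tag_end_checked(in);
            if (end != NULL) {   /* well-formed tag: skip it */
                in = end + 1;
                continue;
            }                    /* no '>': treat '<' as text */
        }
        out[n++] = *in++;
    }
    out[n] = '\0';
    return n;
}

int main(void) {
    /* Constructed sample lines, not taken from a real subtitle file. */
    const char *lines[] = { "<font color=\"red\">Hello</font>", "Hi <font color=" };
    char buf[64];
    for (int i = 0; i < 2; i++) {
        strip_tags(lines[i], buf, sizeof buf);
        printf("[%s]\n", buf);
    }
    return 0;
}
```

Building a test harness with AddressSanitizer (`-fsanitize=address`) and feeding it truncated tags is a quick way to confirm a parser takes the bounded path.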
>>
>>60594822
>>60594758
how to avoid these problems?
>>
>>60594832
Stop using vlc.
>>
>>60594798
No.
If anything the subtitles file itself is the virus. But it's not really because it doesn't infect the system.

The exploit can be used to deliver a virus payload to the target machine but it isn't contained within the subtitle file.
>>
>>60594832
Don't use shitty players. Don't download subtitle files. Only download videos from reputable sources with the subtitles already embedded.

>>60594822
>I don't know how they go from this to remote code execution
Because it doesn't sanitize the parsing they're able to execute a system application instead of targeting a local font file so they use it to start an RPC which connects to their controller PC.
>>
>>60594902
>Don't download subtitle files. Only download videos from reputable sources with the subtitles already embedded.

but I pirate a lot
>>
>>60594908
So?
There are reputable groups.
>>
>>60594902
If you have your hands on a poc please share it.
All I know is from the patch they made.

Also, if it was a bug reading a font file, it wouldn't really be vlc's fault.
>>
>>60594838
>autist screaming
just update to the latest version, big fucking deal
>>
>>60592587
yep, exploits your video player.

VLC is just a little bit too common.
>>
>>60594994
Yes goy, keep updating.
>>
>>60592587
UPDATE VLC NOW, SECURITY UPDATE DUE TO OP'S EXPLOIT
>>
>>60594877
.srt is a plain text file,
how is the virus encoded in it?
ctrl-characters or html tags?
>>
>>60595027
I wonder if unicode would translate to executable code easier?

For clarity you're wondering how every bit sequence in a binary executable stream could be represented in a simple text file right?

I didn't realize it would only show letters and numbers, lots of ctrl+ characters when you open a binary as a text file.
>>
>>60594974
Well to be fully honest here it isn't a single exploit.
All four players were exploited in different ways but all through a subtitles file.

But by watching the PoC video it is pretty clear that it isn't a binary blob or anything embedded in the subtitle file. They exploited problems in the way the players parsed the subtitle files to run system commands, in this case they probably used it to run mstsc to connect to their Linux machine.
>>
>>60595027
>>60595081
You can't force a file being plain text only, it can have anything in it.
All you need now is a way to make the video player jump to the payload after the file is read to memory.
>>
>>60595098
The video shows that the video player opens a connection to the attacker's computer to download a payload, this new payload is the one that creates the remote desktop session.
>>
>>60593666
>hearing the audio of a Video

>not paying the creators of the Video to reenact it live for you
>>
>>60592587
Fucking hackers GET OUT OF MY ANIME
>>
>>60595025
>>60594832
Should we stop using mpv too?
>>
>>60596862
STOP! DONT FUCK UP MY PC
>>
>>60595502
> Not getting the script and reenacting it yourself
>>
>>60592587
>MPC not affected
Not a problem.
>>
>>60592587
You don't even seem to know what an exe is and what is pattern detection/heuristic in scanning files.

Whatever computer illiterate hole you're coming from, go back, please.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.