VLC is able to handle the subtitles automatically in a very simple way,it just checks the presence of SSA files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDVD, SSA and VPlayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. This module runs a web server waiting for vulnerable clients (Internet Explorer, Opera or Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
CVE Link
Exploit Platform
Exploit Type
Product Name