securfrog has discovered a vulnerability in DivX Player, which can potentially be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in the processing of subtitles. This can be exploited to cause a stack-based buffer overflow via an overly long subtitle line contained in a malicious SRT file.
Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into opening a specially crafted SRT file.
The vulnerability is confirmed in DivX Player 6.7 (build 126.96.36.199). Other versions may also be affected.
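The boundary error described above, a subtitle line copied into a fixed-size stack buffer, is avoided by measuring each line before it is copied and rejecting lines that do not fit. The following C code is an added example, not DivX Player code: `SUB_LINE_MAX`, `srt_copy_line` and `srt_check_lines` are hypothetical names, and the 256-byte capacity is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { SUB_LINE_MAX = 256 };  /* assumed capacity, not taken from DivX Player */

/* Hypothetical helper: copy one line from [p, end) into dst[cap].
 * Returns a pointer past the line terminator, or NULL if the line does not fit. */
static const char *srt_copy_line(const char *p, const char *end,
                                 char *dst, size_t cap)
{
    const char *nl = memchr(p, '\n', (size_t)(end - p));
    size_t len = (size_t)((nl ? nl : end) - p);
    if (len > 0 && p[len - 1] == '\r')  /* tolerate CRLF line endings */
        len--;
    if (len >= cap)                     /* no room for text plus NUL: reject */
        return NULL;
    memcpy(dst, p, len);                /* length already checked against cap */
    dst[len] = '\0';
    return nl ? nl + 1 : end;
}

/* Walk a whole SRT buffer. Returns the number of lines accepted,
 * or -1 as soon as one line would exceed the fixed stack buffer. */
int srt_check_lines(const char *buf, size_t n)
{
    char line[SUB_LINE_MAX];            /* fixed-size stack buffer */
    const char *p = buf, *end = buf + n;
    int count = 0;
    while (p < end) {
        p = srt_copy_line(p, end, line, sizeof line);
        if (!p)
            return -1;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample inputs: one normal cue and one 300-byte line. */
    const char *ok = "1\r\n00:00:01,000 --> 00:00:02,000\r\nHello\r\n\r\n";
    char big[300];
    memset(big, 'A', sizeof big);
    printf("normal file: %d\n", srt_check_lines(ok, strlen(ok)));
    printf("overlong line: %d\n", srt_check_lines(big, sizeof big));
    return 0;
}
```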