A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a “bad initialized pointer,” aka a “recursive plugin release vulnerability.”
secunia.com/advisories/27878
securityreason.com/securityalert/3420
www.coresecurity.com/?action=item&id=2035
www.securityfocus.com/archive/1/484563/100/0/threaded
www.securityfocus.com/bid/26675
www.videolan.org/sa0703.html
www.vupen.com/english/advisories/2007/4061
exchange.xforce.ibmcloud.com/vulnerabilities/38816
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280