The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html
secunia.com/advisories/29122
secunia.com/advisories/29153
secunia.com/advisories/29284
secunia.com/advisories/29766
www.coresecurity.com/?action=item&id=2147
www.debian.org/security/2008/dsa-1543
www.gentoo.org/security/en/glsa/glsa-200803-13.xml
www.securityfocus.com/archive/1/488841/100/0/threaded
www.securityfocus.com/bid/28007
www.securitytracker.com/id?1019510
www.videolan.org/security/sa0802.html
www.vupen.com/english/advisories/2008/0682