VLC media player is a media player supporting various audio and video formats for multiple platforms.
A buffer overflow vulnerability exists in VideoLAN VLC media player due to an error when an overly deep box structure in ".mp4" files. A malicious user can exploit this vulnerability to execute arbitrary code by enticing a user to view a specially crafted file.
Upgrade to VideoLAN VLC Media Player 1.0.2 or higher.
Exploit works on Windows XP and Vista.
The VLC ActiveX control must be installed on the target.
The user must open the exploit page in Internet Explorer 6 or 7.