Quovodis

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC version 0.8.6d **Description** The issue allows remote attackers to overwrite arbitrary files via the `:demuxdump-file` option in a filename in a playlist, or an `EXTVLCOPT` statement in an MP3 file, possibly an argument injection vulnerability. **Recommendations** For VideoLAN VLC version 0.8.6d, consider disabling the browser plugin until a patch is available to prevent remote attackers from overwriting arbitrary files. As a temporary workaround, avoid using the `:demuxdump-file` option in filenames in playlists and restrict the use of `EXTVLCOPT` statements in MP3 files to minimize the risk of exploitation.