CVE-2007-6262

Name of the Vulnerable Software and Affected Versions VideoLAN VLC versions 0.8.6 through 0.8.6d

Description The issue allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," also known as a "recursive plugin release vulnerability."

Recommendations For versions 0.8.6 through 0.8.6d, update to version 0.8.6d or later to resolve the issue. As a temporary workaround, consider disabling the addTarget, getVariable, and setVariable functions in the affected ActiveX control until a patch is available.