PT-2008-1646 · Videolan · Vlc
Quovodis · Published 2008-01-16 · Updated 2017-09-29 · CVE-2007-6683
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
VideoLAN VLC version 0.8.6d
Description
The issue allows remote attackers to overwrite arbitrary files via the :demuxdump-file option in a filename in a playlist, or an EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
Recommendations
For VideoLAN VLC version 0.8.6d, consider disabling the browser plugin until a patch is available to prevent remote attackers from overwriting arbitrary files. As a temporary workaround, avoid using the :demuxdump-file option in filenames in playlists and restrict the use of EXTVLCOPT statements in MP3 files to minimize the risk of exploitation.
Affected products
Vlc