Felipe Manzano

**Name of the Vulnerable Software and Affected Versions** VLC media player versions 0.8.6d and earlier Miro Player versions 1.1 and earlier **Description** The issue allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. This is related to the MP4 demuxer (mp4.c) in VLC media player when used in Miro Player. **Recommendations** For VLC media player versions 0.8.6d and earlier, update to a version later than 0.8.6d to resolve the issue. For Miro Player versions 1.1 and earlier, update to a version later than 1.1 to resolve the issue. As a temporary workaround, consider avoiding the use of the MP4 demuxer (mp4.c) in VLC media player until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MPlayer versions 1.0 rc2 and earlier **Description** The issue is related to an array index error in the libmpdemux/demux mov.c file, which could potentially allow remote attackers to execute arbitrary code. This is possible through a crafted QuickTime MOV file that contains a specifically designed stsc atom tag. **Recommendations** For MPlayer versions 1.0 rc2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.