Trancer

**Name of the Vulnerable Software and Affected Versions** VLC media player version 0.9.9 **Description** A stack-based buffer overflow issue exists in the Win32AddConnection function, located in modules/access/smb.c, which can be triggered by a long smb URI in a playlist file. This can cause a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. The issue is caused by a boundary error within the `Win32AddConnection()` function and can be exploited by tricking a user into opening a malicious playlist file with an overly long "smb://" URI. **Recommendations** For VLC media player version 0.9.9, consider disabling the `Win32AddConnection()` function until a patch is available to prevent exploitation. Restrict access to opening playlist files from untrusted sources to minimize the risk of exploitation. Avoid using overly long "smb://" URIs in playlist files until the issue is resolved.