VLC Media Player 2.0.1 closes security holes
Version 2.0.1 of the open source VLC Media Player has been released. According to VideoLAN developer Jean-Baptiste Kempf, the maintenance update to VLC 2.0 "Twoflower" includes fixes for more than 110 bugs and closes two security holes that could be exploited by an attacker to compromise a victim's system.
The update addresses a stack overflow in MMS support as well as a heap-based buffer overflow in Real RTSP support, which, the VLC developers say, could lead to arbitrary code execution on most systems. For an attack to be successful, a user must first open a specially crafted file or a malicious web site. All VLC versions up to and including 2.0.0 are affected; upgrading to 2.0.1 fixes these issues.
Continued: http://www.h-online.com/security/news/item/VLC-Media-Player-2-0-1-closes-security-holes-1474770.html
See Vulnerabilities / Fixes: VLC Media Player MMS and Real RTSP Vulnerabilities