There are some known workarounds, but the safest thing to do is to update the application

Mar 19, 2012 15:32 GMT

VLC 2.0.1 was released to address not only functionality bugs, but also a couple of security holes that an attacker could have exploited to execute arbitrary code.

All previous versions of the popular media player were affected by a stack overflow vulnerability present in the MMS access plug-in (libaccess_mms_plugin.*). The flaw, reported by Florent Hochwelker, can be exploited if the attacker convinces the user to open a malicious file.

A heap overflow issue discovered by the same researcher affected the Real RTSP access plugin (libaccess_realrtsp_plugin.*) and could have been abused to execute malicious code, but only on certain systems.

There are some workarounds for these flaws, but the safest way to mitigate the threats is by upgrading the application to the 2.0.1 version.

VLC 2.0.1 for Windows is available for download here

VLC 2.0.1 for Mac is available for download here

VLC 2.0.1 for Linux is available for download here