VideoLan VLC Media Player contains a vulnerability in its CDG decoder, specifically the "DecodeTileBlock()" and "DecodeScroll()" functions. When these functions process maliciously crafted data, an array index issue arises. Successful exploitation could allow remote arbitrary code execution.
VLC Media Player 1.x
BeyondTrust Prevention and Detection:
- BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
Upgrade VLC to version 1.1.6 or newer.