VLC Media Player vulnerable to heap overflow exploits

http://www.h-online.com/security/news/item/VLC-Media-Player-vulnerable-
to-heap-overflow-exploits-1279247.html

"According to the VideoLAN project, the popular VLC Media Player is
susceptible to two heap overflow vulnerabilities in the Real Media and
AVI file parsers. These holes, rated as 'Highly critical' by security
specialist Secunia, could be exploited by an attacker to crash the player
or possibly execute arbitrary code on a victim's system. For an attack to
be successful, a user must first open a specially crafted malicious
file."

Version 1.1.11 of VLC has been released to address the above
vulnerabilities. All users are encouraged to update as soon as possible.