VLC Media Player '.mkv' Code Execution Vulnerability (Windows)

Summary
The host is installed with VLC Media Player and is prone to arbitrary code execution vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted MKV file. Impact Level: Application
Solution
Upgrade to the VLC media player version 1.1.7 or later, For updates refer to http://download.videolan.org/pub/videolan/vlc/
Insight
The flaw is due to an input validation error within the 'MKV_IS_ID' macro in 'modules/demux/mkv/mkv.hpp' of the MKV demuxer, when parsing the MKV file.
Affected
VLC media player version 1.1.6.1 and prior on Windows
References