VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Windows)

Summary
The host has VLC Media Player installed and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a malicious file or visiting a specially crafted web page.
Impact Level: Application
Solution
Upgrade to VLC media player version 1.1.9 or later. For updates, refer to http://download.videolan.org/pub/videolan/vlc/
Insight
The flaw is caused by a heap corruption error in the 'MP4_ReadBox_skcr()' [modules/demux/mp4/libmp4.c] function when processing malformed MP4 (MPEG-4 Part 14) data.
Affected
VLC media player versions prior to 1.1.9 on Windows