Some of the flaws could probably be exploited to inject and execute code via crafted media files. For such an attack to succeed the user would have to download and open a file - for example a video file from a manipulated file hosting service.
The module for Real Time Messaging Protocol (RTMP) was completely removed for safety reasons and the developers plan to restore RTMP input based on FFmpeg in VLC version 1.1.0.
A complete list of changes is available on the VLC media player 1.0.6 source page. The new version is currently only available as source code, but the binaries for Windows and Mac OS X, are likely to be available soon.
The upcoming version 1.1.0, the start of 'The Luggage' branch of the code, for the first time supports H.264, and MPEG-VC-1 / WMV movie decoding via the graphics card hardware on Windows Vista, Windows 7 and Linux. VLC is released under version 2 of the GNU General Public License (GPLv2).
Last edited by a moderator: