A new critical security hole has been found in the VLC player from the VideoLan project, while there is still no public fix for the previous security hole found two weeks ago.

The new vulnerability has been found in the handling of mmst:// URLs. If a user opens a URL of this form that points to an attacker's server, the server can deliver crafted data that will cause a buffer overflow on the heap, which could lead to remote code execution, according to a advisory note from Orange Bat.

More Here