Secunia Research has discovered a vulnerability in VLC Media Player versions 0.8.6h on Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error within the "Open()" function in modules/demux/wav.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted WAV file having an overly large "fmt" chunk.
e2f38b98275bda496b754a264185e18e366d990b4a6ce34468c89d7f4314050d