Unrated severityNVD Advisory· Published Dec 6, 2007· Updated Apr 23, 2026

CVE-2007-6262

Description

A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."

Affected products

VideoLAN/Vlc Media Player3 versions
cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/26675nvdExploitPatch
secunia.com/advisories/27878nvdVendor Advisory
securityreason.com/securityalert/3420nvd
www.coresecurity.comnvd
www.securityfocus.com/archive/1/484563/100/0/threadednvd
www.videolan.org/sa0703.htmlnvd
www.vupen.com/english/advisories/2007/4061nvd
exchange.xforce.ibmcloud.com/vulnerabilities/38816nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.018
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000