VLC contains a possible vulnerability

A bug can occur in VLC's processing of ASF streams that exploits could use to run native code on a user's system. A fix is not available yet, but should appear as soon as possible.

Security researcher Debasish Mandal has discovered that the ASF parser of the popular VLC media player contains a potential security issue, the project's developers confirm. ASF is a file format from Microsoft for audio and video streams.

A 'specially prepared' ASF file can cause a buffer overflow in the parser. A buffer overflow causes more data to be written to memory than space has been reserved for, which can let an attacker, for example, write data to executable memory.

Whether that is also the case here is not yet clear. According to the VLC team, it may be possible in 'some cases', but that has not been confirmed. In addition, VLC users must explicitly open an ASF file to be vulnerable. At the same time, the team recommends that users avoid visiting 'untrusted sites', not open ASF files indiscriminately, and disable the VLC browser plugin. An alternative is to disable the ASF plugin by removing it from VLC's plugin folder.
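
The advice not to open ASF files is easier to follow when files are identified by content rather than by name. The following Python script is an added example, not code from the article or the VLC project: it flags files that begin with the ASF Header Object GUID, and its function names and sample files are constructed for illustration.

```python
"""Flag files whose content is ASF, regardless of file extension (added example)."""
import os
import tempfile

# ASF Header Object GUID as stored on disk; an ASF file starts with these 16 bytes.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")


def is_asf(path):
    """Return True if the file starts with the ASF Header Object GUID."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(ASF_HEADER_GUID)) == ASF_HEADER_GUID
    except OSError:
        return False  # unreadable entries are skipped, not reported as ASF


def find_asf_files(root):
    """Walk `root` and return sorted relative paths of files with ASF content."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # Only regular files are read; symlinks and special files are ignored.
            if os.path.isfile(full) and not os.path.islink(full) and is_asf(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def demo():
    """Build a constructed sample directory and scan it (hypothetical file names)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "clip.asf": ASF_HEADER_GUID + b"\x00" * 14,     # constructed ASF-like header
            "holiday.mp4": ASF_HEADER_GUID + b"\x00" * 14,  # ASF content, misleading name
            "notes.asf": b"plain text, not ASF",            # ASF name, other content
            "short.bin": ASF_HEADER_GUID[:8],               # truncated, must not match
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_asf_files(root)


if __name__ == "__main__":
    print(demo())
```

Point `find_asf_files` at a download folder to list files VLC would hand to its ASF parser whatever their extension says.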