A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.

Related CVEs

CVE-2023-46814

Key Information

GHSA ID

GHSA-4427-h6h2-wh2w

Published

November 22, 2023 6:30 AM

Last Modified

November 29, 2023 9:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.