Secunia's reporting a "highly critical" flaw in the popular VLC Media player that would allow someone to compromise a user's system with a specially crafted web address or M3U file. Interestingly enough, the flaw affects both Windows and OSX systems. No reponse from VideoLan yet, but I'd expect to see this flaw addressed within the week.

While we're on the subject of media player flaws, the current number one flaw at Secunia is one in Apple's Quicktime media player. This flaw is very similar to the VLC flaw: it can be exploited by specially crafting an RTSP URL. No update from Apple on this one yet, either.