Any “here is a new security hole” article should be required to list what the attack vector is. Is it a malformed video file that triggers the memory overflow? Some internal web server that VLC runs in the background that you need access to the user’s LAN to be able to attack? (Hint: it’s a malformed video file.)