VLC Media Player is a multimedia player by the VideoLan project. People tend to use it because it's not buggy and bloated like a lot of media players and it seems to play anything you throw at it.
While working on VLC 1.1, members of the project found vulnerabilities that could allow attackers to execute arbitrary code on a targeted computer. The fix was backported to the production code, and 1.0.6 was released on April 22nd. This is documented in Security Advisory 1003.
To date, the VideoLan Project has only released source code and has not provided a Windows binary. This is problematic in my opinion because the presence of source code can only help a malicious person write attack code.
According to a core developer on the VideoLan Project, they don’t have the volunteers to create the Windows binaries.
At this time we have two choices.
1. Don't run unsupported and obsolete software, particularly when it has unpatched security flaws.
2. Install VLC prerelease version 1.1.0-pre3, which they claim is “quite stable” and addresses the recently published security vulnerabilities.
3. 1.1.0 pre release 4 is now out, which leads me to believe a production release is around the corner. Maybe they’ll even have time to compile a binary.