The host is installed with VLC Media Player 1.1.3 or below and is prone to an untrusted search path vulnerability in bin/winvlc.c. A flaw is present in the application, which fails to validate user supplied input. Successful exploitation allows attacker to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.