VLC media player 2.2.8 has a Use-After-Free vulnerability which allows an attacker to execute arbitrary code. the exploit use ROP to bypass DEP protection. tested it on Win10 64 successfully exploit attempt should pop up calc.exe ( Windows Calculator ) Ref : https://www.exploit-db.com/exploits/44979/