VLC media player 2.2.8 has a Use-After-Free vulnerability which allows an attacker to execute arbitrary code.
the exploit use ROP to bypass DEP protection.
tested it on Win10 64
successfully exploit attempt should pop up calc.exe ( Windows Calculator )
Ref :
https://www.exploit-db.com/exploits/44979/