HDW Player,4.0.0 and all other versions, remote code execution
Note that this vulnerabilitiy was supposedly fixed by the developer in version 3.2.2, the fact that this issue has arisen again suggests that the developer is aware of it and has created a deliberate back door. The VEL believe that this extension should be regarded as malicious and should be permanently removed from any site using it.
.