Installer executes vlc-cache-gen.exe with unquoted path

When running vlc-2.2.0-win32.exe, the installer executes the command

"C:\DOCUME~~1\ADMINI~~1\LOCALS~1\Temp\nsr38D3.tmp\ns38D7.tmp" C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe C:\Program Files\VideoLAN\VLC\plugins

which in turn executes the command

C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe C:\Program Files\VideoLAN\VLC\plugins

This is a vulnerability! Since the path to vlc-cache-gen.exe is not quoted, this command would execute C:\Program.exe if such a file was present on the system.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information