Installer executes vlc-cache-gen.exe with unquoted path
When running vlc-2.2.0-win32.exe, the installer executes the command
"C:\DOCUME1\ADMINI1\LOCALS~1\Temp\nsr38D3.tmp\ns38D7.tmp" C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe C:\Program Files\VideoLAN\VLC\plugins
which in turn executes the command
C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe C:\Program Files\VideoLAN\VLC\plugins
This is a vulnerability! Since the path to vlc-cache-gen.exe is not quoted, this command would execute C:\Program.exe if such a file was present on the system.