winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0063.html