MS12-014: Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
High Nessus Plugin ID 57948
SynopsisArbitrary code can be executed on the remote Windows host through the Indeo codec.
DescriptionThe remote Windows XP host contains a version of the Indeo codec that is affected by an insecure library loading vulnerability.
A remote attacker could exploit this by tricking a user into opening a legitimate file (e.g., an .avi file) located in the same directory as a maliciously crafted dynamic link library (DLL) file, resulting in arbitrary code execution.
SolutionMicrosoft has released a patch for Windows XP.