Microsoft Windows XP SP2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
This vulnerability exists due to insufficient bounds checking of user-supplied input passed to the DirectX Media ActiveX control. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a web page designed to pass malicious input to the ActiveX control. If the attack is successful, this action could trigger a buffer overflow and possibly allow the attacker to crash the application that is using the ActiveX control. Internet Explorer is the application most likely to be affected.
Proof-of-concept code is available.
Microsoft has not confirmed this vulnerability, and updates are unavailable.