To exploit this vulnerability, an attacker must convince an attacker to open a malicious .asf file. An attacker could also exploit this vulnerability by convincing a user to visit a malicious website that targets Windows Media Player through Windows Media Format Runtime. An exploit could allow the attacker to execute arbitrary code with the privileges of the user that launched the vulnerable application.
The attacker can only gain limited permissions on systems that restrict user privileges; however, an attacker could completely compromise systems that grant users administrative privileges because any code execution will occur with the privileges of the user. Windows Vista-based systems are likely to be impacted to a lesser extent because all accounts are granted limited privileges by default.
Microsoft has corrected this vulnerability by changing the way .asf files are parsed by Windows Media Format Runtime.
Microsoft previously announced that Media Format Runtime 9 was affected when running on Windows XP SP3; however, Microsoft has re-released the bulletin indicating that Media Format Runtime 9 is not affected when installed on Windows XP SP3.