Telestream Flip4Mac Windows Media Components for QuickTime 126.96.36.199 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected user.
The vulnerability is due to a lack of input validation when handling crafted Windows Media Video (WMV) files. An unauthenticated, remote attacker could exploit this vulnerability by creating a WMV file that contains a crafted ASF_File_Properties_Object size field. By convincing a user to view the WMV file in the vulnerable application, the attacker could cause memory corruption that is exploitable for code execution with the privileges of that user. If the user holds administrative privileges, an exploit could result in a full system compromise.
Proof-of-concept code is publicly available to trigger an crash of the application.
Telestream has not confirmed this vulnerability and updates are not available.