To exploit this vulnerability, an attacker must convince a user to view a malicious AVI file. The attacker may provide files to users via e-mail messages or post malicious media files on public websites. If the user opens the malicious file, the attacker could execute arbitrary code with the privileges of the user. On systems that allow users to run applications with the privileges of the Administrator account, the attacker could execute code that results in a complete system compromise.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the August 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for August 2009
The update available from Microsoft corrects this vulnerability by improving the processing of AVI headers.