CVE-2005-2128

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Media Player 9

Description: The issue allows remote attackers to write a null byte to arbitrary memory via a crafted AVI file. This is achieved by modifying the length value in the strn element of the AVI file, which is processed by the QUARTZ.DLL component in Microsoft Windows Media Player.

Recommendations: For Microsoft Windows Media Player 9, consider avoiding the use of AVI files from untrusted sources until a patch is available. As a temporary workaround, restrict the use of the QUARTZ.DLL component to minimize the risk of exploitation.