Vinay Anantharaman

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Media Runtime (affected versions not specified) **Description** The issue is related to the improper initialization of unspecified functions within compressed audio files. This allows remote attackers to execute arbitrary code via a crafted media file or crafted streaming content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000 SP4, XP SP2, XP SP3, Server 2003 SP2, Vista Gold, Vista SP1, Vista SP2, Server 2008 Gold, Server 2008 SP2 Description: A remote code execution issue exists in the way Microsoft Windows handles specially crafted AVI format files. This could allow code execution if a user opens a specially crafted AVI file. If successfully exploited, an attacker could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with fewer user rights on the system compared to those operating with administrative user rights. Recommendations: For Windows 2000 SP4, consider applying the relevant security update to resolve the issue. For Windows XP SP2 and SP3, apply the security update to fix the vulnerability. For Windows Server 2003 SP2, install the update to mitigate the risk. For Windows Vista Gold, SP1, and SP2, apply the security patch to resolve the issue. For Windows Server 2008 Gold and SP2, install the relevant security update to fix the vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows 2000 SP4 Windows XP SP2 Windows XP SP3 Windows Server 2003 SP2 Windows Vista Gold Windows Vista SP1 Windows Vista SP2 Windows Server 2008 Gold Windows Server 2008 SP2 Description: A remote code execution issue exists in the way Microsoft Windows handles specially crafted AVI format files. This could allow code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. The `Avifil32.dll` is involved in this issue, specifically due to an integer overflow in the Windows Media file handling functionality. Recommendations: For Windows 2000 SP4, update to a newer version to mitigate the risk. For Windows XP SP2 and SP3, consider restricting access to AVI files until a patch is available. For Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2, avoid opening specially crafted AVI files until the issue is resolved. As a temporary workaround, consider disabling the handling of AVI files in Windows Media until a patch is available.