The Microsoft media player Indeo Codec is used to decompresses digital media files for use in applications like Windows Media Player and Internet Explorer. Multiple vulnerabilities exist in Microsoft Windows Media Player Indeo Codec, which could allow remote code execution. These vulnerabilities are caused due to memory corruption and buffer overflow errors in Indeo41 codec when processing media content files. A remote attacker could exploit these vulnerabilities by enticing users to open or visit malicious website containing specially crafted malformed media content files, which could trigger memory corruption condition and allows remote code execution or cause application crash on affected systems.

Workarounds

• Unregister the Indeo codec
• Keep windows updated
• Do not open media files received from untrusted and unknown sources
• Do not open unexpected mails and media file attachments received from trusted sources
• Do not visit untrusted websites or click URLs provided in emails.
• Exercise caution while opening media files received through email attachments

For more Info:

• CERT-IN