Critical flaw in Windows music program
If exploited, the flaw could allow an attacker to delete files, search records, send e-mails or even launch a new attack from the victim's computer.
The problem involves how a technology in DirectX -- a group of instructions used by Windows programs to play audio and video -- handles MIDI (musical instrument digital interface) files.
Basically, an attacker could write a MIDI file designed to exploit the flaw and send it in an e-mail or host it on a Web site or shared network, said Stephen Toulouse, security program manager at Microsoft's Security Response Center.
[ Read more ]