Windows Media MIDI Invalid Channel

Added: 02/06/2012
CVE: CVE-2012-0003
BID: 51292
OSVDB: 78210


Musical Instrument Digital Interface (MIDI) is an industry specification for encoding, storing, synchronizing, and transmitting the musical performance and control data of electronic musical instruments and other electronic equipment. Microsoft Windows supports the playback of MIDI files through the DirectShow and Windows Multimedia Libraries.


Microsoft DirectShow and the Windows Multimedia Library improperly validate the channel field in MIDI files, leaving the libraries vulnerable to memory corruption. If an attacker were to successfully convince a user to open a specially formatted MIDI file, the attacker could gain execution control of the user's system.


Apply the KB specified for your system in Microsoft Security Bulletin MS12-004.



This exploit has been tested against Microsoft Internet Explorer 8 with KB2618444 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 (DEP OptIn), and Microsoft Internet Explorer 9 with KB2618444 on Windows Vista SP2 (DEP OptIn).


Windows XP
Windows Vista
