HighMicrosoft Windows Knowledge Base Article 2636391 update is not installed on the system, which could allow an attacker to exploit the following vulnerabilities:
Microsoft Windows Media Player could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of malicious files by the Windows multimedia library (winmm.dll) component. By persuading a victim to open a specially-crafted MIDI file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of malicious media files by the DirectShow (Quartz.dll and Qdvd.dll) components. By persuading a victim to open a specially-crafted media file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS12-004. See References.
Microsoft Security Bulletin MS12-004
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
http://technet.microsoft.com/en-us/security/bulletin/ms12-004
IBM Internet Security Systems X-Force Database
Microsoft Windows Media Player MIDI code execution
http://xforce.iss.net/xforce/xfdb/71992
IBM Internet Security Systems X-Force Database
Microsoft Windows DirectShow code execution
http://xforce.iss.net/xforce/xfdb/71993
ISS X-Force
Microsoft Windows Knowledge Base Article 2636391 update is not installed
http://www.iss.net/security_center/static/71994.php
CVE CVE-2012-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0003
CVE CVE-2012-0004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0004
