Trend Labs documents early developments for malware attacks that exploit the Windows Media Player vulnerabilities patched under MS12-004 during the Microsoft January updates. Corporate and Home users should patch promptly and avoid all suspicious objects offered in email or websites
MS12-004 Early malware attacks starting to appear in wild
MS12-004 is rated as a highly critical security patch by Microsoft & ISC
QUOTE: Earlier today, we encountered a malware that exploits a recently (and publicly) disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003). (Ed. Note: addressed in MS12-004). The said vulnerability is triggered when Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file, consequently allowing remote attackers to execute arbitrary code.