CVE-2012-0004
Description
Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote code execution vulnerability in Microsoft DirectShow's Line21 filter (Quartz.dll, Qdvd.dll) allows attackers to execute arbitrary code via a crafted media file.
Vulnerability
The vulnerability resides in Microsoft DirectShow, specifically in the Line21 filter responsible for closed captioning, within Quartz.dll and Qdvd.dll. It allows remote code execution when a user opens a specially crafted media file. Affected versions include Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 [1].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious media file and convincing a user to open it, typically via email or a web link. No authentication is required, and the user interaction is limited to opening the file. The vulnerability is triggered during the parsing of the media file by DirectShow [1][2].
Impact
Successful exploitation grants the attacker the same user rights as the local user. If the user has administrative privileges, the attacker can gain complete control of the system, including the ability to install programs, view, change, or delete data, and create new accounts [1][2].
Mitigation
Microsoft released security update MS12-004 in January 2012, which addresses this vulnerability by correcting how DirectShow parses media files. The update is rated Critical for most affected systems. Customers with automatic updating enabled are protected. No workaround is documented [1][2].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (14)
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:2005:sp3:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Patches
No patches discovered yet.
References (6)
- www.us-cert.gov/cas/techalerts/TA12-010A.html (nvd, US Government Resource)
- secunia.com/advisories/47485 (nvd)
- www.securityfocus.com/bid/51295 (nvd)
- www.securitytracker.com/id (nvd)
- docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832 (nvd)