Windows Explorer 6.0.2900.5512 AVI (Audio Video Interleave) Denial of Service Vulnerability advisory, fuzzing, security, blackbox, tests, Windows Explorer, Shmedia.dll, DoS, AVI FMA-2011-007 Windows Explorer 6.0.2900.5512 http://www.microsoft.com Shmedia.dll 6.0.2900.5512 1b8182c8fe6172727c3cf47415cbad8f Explorer.exe 6.0.2900.5512 c791ed9eac5e76d9525e157b1d7a599a Windows XP SP3 Home Edition Windows XP SP3 Professional Edition 2011.03.27 2011.03.29 n/a Windows Explorer 6.0.2900.5512 Denial of Service vulnerability. DoS Vulnerability can be triggered locally or from remote network share. There are a few possibilities to execute the exploit. User can trigger the exploit automatically, by enabling content preview in directory settings and browse directory with exploit. The second possibility is when user selects the file, so the preview will be generated by Explorer and exploit will be executed. Vendor was not notified because after the discovery of the vulnerability by FuzzMyApp it turned out that the vulnerability was publically disclosed already. Denial of Service is caused by unhandled exception raised in module Shmedia.dll loaded into Explorer.exe process. Exception is triggered by integer division by zero in Shmedia.dll module. image01s.png 100 80 image01.png Integer division by zero exception raised in Shmedia.dll module. Integer division by zero exception raised in Shmedia.dll module.