A remote code execution vulnerability in Windows Movie Maker and Microsoft Producer 2003 could allow an attacker to gain complete control of an affected system.

Microsoft has reported a vulnerability in Windows Movie Maker and Microsoft Producer 2003, which is caused by the way these applications parse project file formats. A successful exploit could allow an attacker to remotely execute arbitrary code and gain access to the affected system through a specially crafted Movie Maker or Producer file.


4 May 2010: Micosoft has released an updated version of Producer 2003 and recommends that all users of the older version upgrade to the latest version. Users who do not wish to upgrade are advised to apply the workaround solution offered as a Microsoft FixIt.

Further information is available in the security bulletin:

 

Apply security update.

Microsoft Producer 2003
http://www.microsoft.com/downloads/details.aspx?familyid=1b3c76d5-fc75-4f99-94bc-784919468e73

Movie Maker 2.1 for:

 
Movie Maker 2.6 for:

 
Movie Maker 6.0 for:

Microsoft Security Bulletin MS10-016 (http://www.microsoft.com/technet/security/Bulletin/MS10-016.mspx)