iDefense Security Advisory 12.08.09 – Remote exploitation of a heap corruption vulnerability in Microsoft Corp.’s Indeo32 Codec could allow an attacker to execute arbitrary code in the context of the affected user. iDefense has confirmed that ir32_32.dll version 3.24.15.3, as included in fully patched Windows XP as of October 2008, is vulnerable. All previous versions are suspected to be vulnerable.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83691/12.08.09-3.txt
Source: https://packetstormsecurity.com/files/83691/iDEFENSE-Security-Advisory-2009-12-08.3.html