Enduria

Microsoft had became aware of a bug in het DirectX engine used in Windows 2000, Windows Server 2003 and also Windows XP. As per Microsoft:The vulnerability could allow remote code execution if user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code.
Microsoft is investigating this issue, and the investigation is ongoing. The investigation so far shows that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable. My research on the internet shows that Microsoft is currently working to develop a security update for Windows to address this vulnerability. Microsoft will release the security update once it has reached an appropriate level of quality for broad distribution.The cause of this threat is that a remote code execution vulnerability exists in the way Microsoft DirectShow handles supported QuickTime format files. This vulnerability could allow code execution if a user opened a specially crafted QuickTime media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

See here for information:
Microsoft Security Advisory (971778) ; Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution