An information disclosure vulnerability exists in Windows when Windows DVD Maker fails to properly parse a specially crafted .msdvd file. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.To exploit the vulnerability, an attacker would have to either log on locally to an affected system or convince a locally authenticated user to execute a specially crafted application. The security update addresses the vulnerability by correcting how Windows DVD Maker parses files.