Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. https://nvd.nist.gov/vuln/detail/CVE-2012-5359