DivX codecs feature a well-coded buffer overflow opportunity
As acknowledged by its makers, the spyware-bundled codec DivX is not listed among the installed codecs after you install SP2 for Windows XP. They even provided a guide on how to disable the buffer overflow blocking feature, called Data Execution Protection, the one that’s guilty for this incident.
This procedure involves editing the BOOT.INI file and the advice is published on DivX Networks site. It wasn’t enough that they have obtained a huge market share in the Joe Average User campus and they are probably the most successful spyware distributors. They had to provide indications on how to break Joe Average User defense against other menaces to his PC.
This news was learned from eWeek, with the whole story on what’s to do to save the most corporatist codec of them all (EW boys, I couldn’t find anything DivX coded on local shops, perhaps you did it on Kazaa…). They also did mentioned in a footnote something about issues with Visual Studio, Access and TabletPC implementation of OneNote. EWeek blocks external referrals, hence I’m not bothering with the link.