In late January, we started seeing a new piece of malware based on the MIDI file format. This was the first in-the-wild attempt at leveraging a vulnerability that Microsoft publicly disclosed in Janurary under the security bulletin MS12-004 (CVE-2012-0003) The vector of infection was through embedding the exploit file, baby.mid, in a malicious webpage. Upon opening the webpage under versions of Windows other than Windows 7 or Windows Server 2008 R2, Windows Media Player would open. The exploit it contained would cause a heap overflow that allowed for shellcode to be executed.”]
Source: https://blog.talosintelligence.com/2012/02/midi-karaoke-background-or-malware.html