Security holes found in Windows Media Player
MICROSOFT ON WEDNESDAY issued a patch for two security flaws in its Windows Media Player software that could allow malicious users to run programs on other users' PCs...
...A malicious user could send a skin containing a script to another user and try to entice him or her into using it, or host such a file on a Web site and cause the script to execute whenever a user visited the site. Since the code would reside on the users' local PC, it would be able to execute ActiveX controls, including ones not marked "safe for scripting" and enable the code to take any action that can be accomplished via an ActiveX control, Microsoft said...
Read more here.