Microsoft reports: "A remote code execution vulnerability exists in the Windows Media Player plug-in for non-Microsoft Internet browsers because of the way the Windows Media Player plug-in handles a malformed EMBED element. An attacker could exploit the vulnerability by constructing a malicious EMBED element that could potentially allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system."
Affected software includes Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2, Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1, Microsoft Windows XP Professional x64 Edition and Microsoft Windows Server 2003 x64 Edition.
Full info canbe located at http://www.microsoft.com/technet/security/Bulletin/MS06-006.mspx.