Reported May 07, 2003, by Microsoft.
· Microsoft Windows Media Player (WMP) 8.0 and 7.1
A new WMP vulnerability can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way WMP handles the download of skin files. This flaw could permit an attacker to force a file (e.g., a malicious executable) masquerading as a skin file into a certain location on a user's machine.
Microsoft has released Security Bulletin MS03-017, "Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.