Exploit code has been released targeting a flaw in Microsoft's Windows Media Player, the FrSIRT (French Security Incident Response Team) warned today.
But users who have applied the latest round of patches issued by Microsoft on Tuesday should not be affected. Patch MS06-006 repairs the flaw.
FrSIRT rated the vulnerability as "critical", while Microsoft graded it as "important". A bug in the Windows Media Player plug-in could be used to execute arbitrary commands, FrSIRT said.
The flaw is caused by a buffer overflow error that could allow a system to be taken over if a user was tricked into visiting a specially-crafted website using a non-Microsoft browser such as Netscape or Firefox, FrSIRT wrote in its advisory.