This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Center. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. An attacker can craft a malicious file with a .MCL extension. Contained within the .MCL file is a URL that points to a second crafted file of type .LNK or .URL. If the victim opens the .MCL file, the attacker can execute arbitrary code on the victim’s machine under the context of the user.