http://online.securityfocus.com/news/338


"A quirk in media players from Microsoft and RealNetworks could enable attackers to hijack Web browsers and run scripts on the computers of some MP3 music fans.

The trick has apparently been discovered by pornography sites and spammers, which have been seeding some music file trading services with bogus MP3 music files.

One such MP3 file, ostensibly containing the music of the Los Angeles-based rock group Lifehouse, launched a pornographic video and generated a "massive" amount of pop-up ads when played back on the Windows Media Player from Microsoft, according to one newsgroup report. "


i'd say the big concern here is that an unpatched browser could be redirected to a malicious website with active x or javascript...