They have discovered that the program allows malicious hackers to easily bypass Outlook's new security features, which block delivery of dangerous e-mailed attachments and turn off active scripting by default. A downloadable security update from Microsoft adds the same protections to Outlook 2000.
...
The experts say HTML-formatted e-mail containing code identified as a file that Media Player "trusts" can be embedded in an e-mail, which Outlook will then automatically allow the player to execute.
...
Users can turn off scripting in Outlook and Explorer, but scripting cannot be disabled in Media Player. The exploit will work with WMP versions 7 and 8, even if scripting is disabled in Outlook and Explorer.


http://www.wired.com/news/technology...,51361,00.html


oh goody...well....WMP is a bloated pile of crap anyway ...