Microsoft Corp. on Wednesday issued a patch for a new critical vulnerability in Windows Me that gives attackers the ability to execute code on remote machines.
The vulnerability is the result of a buffer overrun in the Help and Support Center in Windows Me. Specifically, the problem lies in the URL handler for the "hcp://" prefix, which is used to execute URL links to the Help and Support Center.
In order to exploit the flaw, an attacker would need to create a URL that would execute the attacker's code when the user clicked on it. The attacker could either host the URL on a Web site or send it to a user in e-mail.
More at eWeek