Vendor: Windows Media Center
By: Eduardo Braun Prado
CVSS: 7.8 (HIGH)
Security Bypass, Arbitrary Code Execution
CWE: 264
Product Name: Windows Media Center
Affected Version From: 6.3.9600.16384
Affected Version To: 6.3.9600.16384
Patch Exists: NO
Related CWE: N/A
CPE: a:microsoft:windows_media_center
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7, 8.1, 10
Year: 2020

Microsoft Windows Media Center WMV or WMA 6.3.9600.16384 – Code Execution

Microsoft Windows Media Center, a very popular app still used by many people (it can play a variety of file types and was originally designed for playback and recording of TV shows from a TV's cable/antenna), is affected by an issue that allows malicious people to bypass the current security standards of the app, including modern browser security standards, which could ultimately lead to arbitrary code execution. The issue can be exploited through a specially crafted 'wma' or 'wmv' file containing a script instruction called 'URL'. By combining these 2 issues, attackers may be able to reference a local HTML file in the context of the MS IE core, which is hosted by a Media Center 'plugin' (ehexthost32). Local files are usually parsed in the privileged Local Machine security zone, and Windows Media Center's extensibility host (ehexthost32) does not enable the security feature 'Local Machine Zone Lockdown' (FEATURE_LOCALMACHINE_LOCKDOWN), so it is possible to run arbitrary code on the target system. Attackers might therefore be able to compromise the target system if they can exploit a Universal Cross Site Scripting (uXSS) issue, or plant a file in a predictable location, like the user's 'Downloads' folder.

Mitigation:

Enabling the security feature 'Local Machine Zone Lockdown' (FEATURE_LOCALMACHINE_LOCKDOWN) can help mitigate this vulnerability.
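
One way to audit and apply this mitigation through the Internet Explorer FeatureControl registry keys. This is an added example, not part of the original advisory; it assumes the host's image name is `ehexthost32.exe` (the advisory only names `ehexthost32`), and `Test-LmzLockdown` is a hypothetical helper name.

```powershell
# Added example: report (and optionally set) FEATURE_LOCALMACHINE_LOCKDOWN for one process.
# Assumption: the extensibility host's image name is 'ehexthost32.exe'.
function Test-LmzLockdown {
    param(
        [string]$ProcessName = 'ehexthost32.exe',
        [switch]$Enable   # writing under HKLM requires an elevated session
    )
    $feature = 'Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN'
    $paths = @("HKLM:\SOFTWARE\$feature", "HKCU:\SOFTWARE\$feature")
    # A 32-bit host on 64-bit Windows reads the WOW6432Node view, so cover it too.
    if ([Environment]::Is64BitOperatingSystem) {
        $paths += "HKLM:\SOFTWARE\WOW6432Node\$feature"
    }
    foreach ($path in $paths) {
        if ($Enable -and $path -like 'HKLM:*') {
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            # DWORD 1 under the process name opts that process into the feature.
            New-ItemProperty -Path $path -Name $ProcessName -Value 1 `
                -PropertyType DWord -Force | Out-Null
        }
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name $ProcessName `
                -ErrorAction SilentlyContinue).$ProcessName
        }
        [pscustomobject]@{
            Path     = $path
            Process  = $ProcessName
            Value    = $value            # empty when no per-process entry exists
            Lockdown = ($value -eq 1)
        }
    }
}

# Audit only; run 'Test-LmzLockdown -Enable' from an elevated prompt to set the value.
Test-LmzLockdown | Format-Table -AutoSize
```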