Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly.

The vulnerability, which enables an attacker to execute arbitrary commands based on system privileges held by the affected user, has been both acknowledged and confirmed by Microsoft Engineers.

Currently, the exploit is known to affect both Microsoft Windows XP, and Windows Server 2003 Operating Systems, with the attack enhanced against users running Internet Explorer version 8+ and other major web browsers utalising Windows Media Player.

Machines running older versions of Internet Explorer are, as usual even more vulnerable to the attack.
 
This exploit was discovered by Information Security Engineer, Tavis Ormandy.