Another critical remote-code execution vulnerability disclosed Tuesday involves Microsoft Windows Media Player technology. The buffer-overflow flaw exists in the way Media Player handles the Portable Network Graphics (PNG) image format associated with Media Player and could allow an attacker to take complete control of an affected system, the company warned.

In addition, security administrators should pay particular attention to vulnerabilities detailed in bulletin MS06-25 and MS06-29, according to an advisory from McAfee Inc.

The flaws described in MS06-25 affect the Windows Routing and Remote Access Service, while those described in MS06-29 deal with a script-injection vulnerability in Exchange Server.

"These vulnerabilities are worm candidates and could result in a mass-mailing worm," McAfee said.

Microsoft also announced fixes for several other flaws in products such as PowerPoint and Word.