The flaw in Windows XP can force the operating system to run code when a music file is played by Windows Explorer, the operating system's file-browsing application. Hovering the mouse pointer over a file will open a preview of it and trigger the file's payload, if it has one. The vulnerability doesn't affect Windows Media Player, Microsoft says.
The popular Nullsoft Winamp free media player is also vulnerable.
Further information and patches to Windows and Winamp are available in several places on the Web: the CERT Coordination Center at Carnegie Mellon University; Foundstone, with advisories for both Windows XP and Winamp; Microsoft; and Nullsoft, which has an update to Winamp.