Core Security Technologies Advisory – The ‘application’ tag in Microsoft Windows Media Center link files (.mcl extension) can include a ‘run’ parameter, which indicates the path of a file to be launched when opening the MCL file, or a ‘url’ parameter, which indicates the URL of a web page to be loaded within the Media Center’s embedded web browser. A specially crafted MCL file having said ‘url’ parameter pointing to the MCL file itself can trick Windows Media Center into rendering the very same MCL file as a local HTML file within the Media Center’s embedded web browser.