This is a cumulative patch that includes the functionality of all previously released patches for Windows Media Player 6.4. In addition, it eliminates the following three newly discovered vulnerabilities: An information disclosure vulnerability that could allow an attacker to run code on the user's system and is rated as critical severity. A privilege elevation vulnerability that could enable an attacker who can physically logon locally to a Windows 2000 machine and run a program to obtain the same rights as the operating system. A script execution vulnerability related that could run a script of an attacker's choice as if the user had chosen to run it after playing a specially formed media file and then viewing a specially constructed web page. This particular vulnerability has specific timing requirements that make attempts to exploit vulnerability difficult and is rated as low severity.