The remote code execution vulnerability affects Windows XP and Windows Server 2003 with Internet Explorer 7 installed, and stems from the manner in which Windows handles certain types of URLs.