The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 allows remote attackers to execute arbitrary programs via a UNC share pathname in the MPlayerPath parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/68975
http://www.securityfocus.com/bid/48975