KLA10660
Code execution vulnerability in Microsoft Windows Media Center
Updated: 09/24/2015
CVSS
9.3
Detect date
09/08/2015
Severity
Critical
Description

Lack of *.mcl (Media Center Link) files handling restrictions was found in Windows Media Center. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed mcl file.


Technical details

To exploit this vulnerability attacker must entice user to install malicious mcl file on the local machine. Code referenced by this file could be executed from attacker-controlled location.

Affected products

Windows Media Center

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts
ACE 
[?]
CVE-IDS

CVE-2015-2509

MS list

MS15-100

KB list

3087918

Original advisories

MS15-100

test label
test