Microsoft Windows Media Center Remote Code Execution Vulnerability
RISK: Medium Risk
TYPE: Clients - Audio & Video
A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could take control of an affected system. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Workstations are primarily at risk of this vulnerability.
To exploit the vulnerability, user interaction is required. In a web-browsing scenario, a user would have to navigate to a compromised website that an attacker is using to host a malicious .mcl file. In an email attack scenario, an attacker would have to convince a user who is logged on to a vulnerable workstation to click a specially crafted link in an email. The security update addresses the vulnerability by correcting how Windows Media Center handles certain resources in the .mcl file.
Impact
- Remote Code Execution
System / Technologies affected
- Windows Vista, 7, 8.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/library/security/MS16-059
Vulnerability Identifier
Source
Related Link
Share with