CVE-2014-4060

Name of the Vulnerable Software and Affected Versions Windows Media Center versions prior to the fixed version

Description The issue allows remote attackers to execute arbitrary code. To exploit this, an attacker must convince a user to open a specially crafted Microsoft Office file. This is achieved through a use-after-free vulnerability in the MCPlayer.dll, specifically when a CSyncBasePlayer object is deleted, allowing for the execution of arbitrary code.

Recommendations For Windows Media Center, update to a version that includes the fix for the CSyncBasePlayer Use After Free issue. As a temporary workaround, consider restricting the use of Microsoft Office files from untrusted sources to minimize the risk of exploitation.