PT-2016-1995 · Microsoft · Windows 8.1+4

Eduardo Braun Prado

Published

2016-05-10

Updated

2025-03-26

CVE-2016-0185

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Media Center versions in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1

Description The issue allows remote attackers to execute arbitrary code via a crafted Media Center link file. This can enable an attacker to run malicious code on the system. The vulnerability can be exploited by creating a specially crafted Media Center file, which when opened, allows the attacker to execute arbitrary code.

Recommendations For Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1, consider disabling the handling of .mcl files until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2016-01329

CVE-2016-0185

ZDI-16-277

Affected Products

Mediacenter

Windows

Windows 7 Sp1

Windows 8.1

Windows Vista Sp2

PT-2016-1995 · Microsoft · Windows 8.1+4

CVE-2016-0185

Weakness Enumeration

Related Identifiers

Affected Products

References · 16