CVE-2016-0185
CVE-2016-0185
In short
Windows Media Center can be tricked into running malicious code when you open a specially crafted link file (.mcl). An attacker can exploit this to take control of your computer remotely.
Technical detail
A remote code execution vulnerability exists in Windows Media Center (Vista SP2, 7 SP1, 8.1) where processing a maliciously crafted .mcl file allows arbitrary code execution with user privileges. Attack vector is via user interaction with a malicious Media Center link file; requires the victim to open the crafted file.
Summary generated and translated by AI from the official description.
Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/39805/unverifiedexploitdbwww.exploit-db.com/exploits/39805unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-059https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0185https://www.exploit-db.com/exploits/39805/http://www.securityfocus.com/bid/90023http://www.securitytracker.com/id/1035832http://www.zerodayinitiative.com/advisories/ZDI-16-277