Windows Media Center command execution

Added: 09/15/2015
CVE: CVE-2015-2509

Background

Windows Media Center is software for watching DVDs and TV channels on Windows systems.

Problem

A vulnerability in Windows Media Center could allow command execution when a user opens an .mcl file which references an executable file supplied by an attacker.

Resolution

Apply the update referenced in Microsoft Security Bulletin MS15-100.

References

https://technet.microsoft.com/library/security/ms15-100

Limitations

Exploit works on Microsoft Windows Vista through 8.1.

One of the programs smbclient or mount_smbfs must be available on the SAINT host.

An SMB share which is anonymously readable by the target computer, and a user name and password with write access to that share, must be specified.

The vulnerable user must save the .mcl file via right-click menu. The vulnerability is triggered when the file is opened by Windows Media Center.

Platforms

Windows

Back to exploit index