Remote Code Execution Vulnerability in Microsoft Windows Media Player
CVE-2015-1728

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Player
Vendor: CVE Published:; 10 June 2015

What is CVE-2015-1728?

A vulnerability in Microsoft Windows Media Player versions 10 through 12 enables remote attackers to execute arbitrary code on a targeted system. This can occur through a specially crafted DataObject on a compromised website. Successful exploitation of this vulnerability could allow the attacker to gain control of the affected system, install programs, view, change, or delete data, and create new accounts with full user rights. Users are encouraged to apply the appropriate security updates to mitigate the risk associated with this vulnerability.

References

http://www.securitytracker.com/id/1032522

vdb-entryx_refsource_SECTRACK

https://www.verisign.com/en_US/security-services/security...

third-party-advisoryx_refsource_IDEFENSE

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 10, 2015
Vulnerability Reserved
Feb 17, 2015