Remote Code Execution Vulnerability in Microsoft Windows Media Center
CVE-2015-6131

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 8.1; Windows 7; Windows Vista; Windows 8
Vendor: CVE Published:; 9 December 2015

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 59%

What is CVE-2015-6131?

A vulnerability in Microsoft Windows Media Center allows remote attackers to execute arbitrary code on vulnerable systems. By crafting a malicious .mcl file and enticing a user to open it, an attacker can gain unauthorized access and execute harmful commands. This impacts multiple versions of Microsoft Windows, including Vista, 7, 8, and 8.1.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-6131 - Proof of Concept

References

http://www.securitytracker.com/id/1034335

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://www.exploit-db.com/exploits/38911/

exploitx_refsource_EXPLOIT-DB

EPSS Score

59% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 9, 2015
👾
Exploit known to exist
Dec 9, 2015
Vulnerability published
Dec 9, 2015
Vulnerability Reserved
Aug 14, 2015

CVE-2015-6131 Data

JSON