CVE-2015-1728

Published Jun 10, 2015

Last updated 3 months ago

CVSS info 9.3

Overview

Description: Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-17

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C28602CC-7866-4C30-B518-055923599A18"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:10.00.00.3646:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "141C8502-881B-4555-A8F0-D31B3E578906"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:10.00.00.3990:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43134A65-ADAA-4734-8B63-F96A9189FE34"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:10.00.00.4019:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCD860A9-920B-43CA-B33D-3D3C0FCDAD77"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:10.00.00.4036:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "971E1A0D-CB1D-4C6D-A9AC-FEBE8BAB7CBA"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B27BB8B0-BC24-4A3F-A18B-63D57AB4799B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:11.0.5721.5145:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C30B014E-E690-4D95-8E0E-D38429A38704"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:11.0.5721.5230:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67E5BD38-EC42-4709-9B8C-2E3C4A78ED7E"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:11.0.6000.6324:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE3942D8-A937-482F-8C95-99DF29102FED"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E5A4781-240A-4E84-AEA1-4542BEEF41CF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References