Microsoft Windows Media Center Remote Code Execution Vulnerability (CVE-2015-2509)

  Severity: CRITICAL
  CVE Identifier: CVE-2015-2509
  Advisory Date: SEP 09, 2015

  DESCRIPTION

A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

Trend Micro researchers Aaron Luo, Kenney Lu, and Ziv Chang discovered this zero-day exploit, which also emerged from the Hacking Team leak.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

Featured Stories