Executive Summary

Informations
NameCVE-2015-2509First vendor Publication2015-09-08
VendorCveLast vendor Modification2019-05-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2509

CWE : Common Weakness Enumeration

%idName
100 %CWE-284Access Control (Authorization) Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Os1
Os1
Os1
Os1

SAINT Exploits

DescriptionLink
Windows Media Center command executionMore info here

Information Assurance Vulnerability Management (IAVM)

DateDescription
2015-09-10IAVM : 2015-B-0112 - Microsoft Media Center Remote Code Execution Vulnerability (MS15-100)
Severity : Category II - VMSKEY : V0061373

Snort® IPS/IDS

DateDescription
2016-06-07Microsoft Windows Media Center link file code execution attempt
RuleID : 38779 - Revision : 4 - Type : FILE-OTHER
2016-06-07Microsoft Windows Media Center link file code execution attempt
RuleID : 38778 - Revision : 4 - Type : FILE-OTHER
2016-03-14Windows Media Player mcl remote file execution attempt
RuleID : 36271 - Revision : 3 - Type : FILE-OTHER
2015-10-14Microsoft Windows Media Center link file code execution attempt
RuleID : 35983 - Revision : 3 - Type : FILE-OTHER
2015-10-14Windows Media Player mcl remote file execution attempt
RuleID : 35982 - Revision : 3 - Type : FILE-OTHER

Metasploit Database

idDescription
2015-09-08 MS15-100 Microsoft Windows Media Center MCL Vulnerability

Nessus® Vulnerability Scanner

DateDescription
2015-09-10Name : The remote Windows host is affected by a remote code execution vulnerability.
File : smb_nt_ms15-100.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/76594
EXPLOIT-DB https://www.exploit-db.com/exploits/38151/
https://www.exploit-db.com/exploits/38195/
MISC http://www.rapid7.com/db/modules/exploit/windows/fileformat/ms15_100_mcl_exe
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15...
SECTRACK http://www.securitytracker.com/id/1033499

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
DateInformations
2019-05-16 00:19:12
  • Multiple Updates
2019-05-09 05:19:09
  • Multiple Updates
2018-10-13 05:18:55
  • Multiple Updates
2017-09-16 09:23:16
  • Multiple Updates
2016-12-22 09:23:54
  • Multiple Updates
2016-12-12 21:22:36
  • Multiple Updates
2016-12-08 09:23:41
  • Multiple Updates
2016-11-29 00:25:08
  • Multiple Updates
2016-04-27 02:14:45
  • Multiple Updates
2015-10-18 17:24:16
  • Multiple Updates
2015-10-14 21:22:21
  • Multiple Updates
2015-09-18 21:22:11
  • Multiple Updates
2015-09-13 17:24:01
  • Multiple Updates
2015-09-11 21:25:32
  • Multiple Updates
2015-09-11 13:25:57
  • Multiple Updates
2015-09-10 21:27:00
  • Multiple Updates
2015-09-10 00:24:48
  • Multiple Updates
2015-09-09 21:26:27
  • Multiple Updates
2015-09-09 09:24:58
  • First insertion