← back
CVE-2016-0185

CVE-2016-0185

CVSS 7.8 HIGHEPSS 69.9%● KEV
Vexday Risk Score
83Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS 7.8EPSS 69.9%KEV simPoC públicaNuclei Metasploit Patch referenciado
Lifecycle
11 May 2016Published on NVD
12 May 2016Public PoC
03 Nov 2021Active exploitation (CISA KEV)
Weaponization speed
1 daysto first PoC
2002 daysto active exploitation (KEV)
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

Windows Media Center can be tricked into running malicious code when you open a specially crafted link file (.mcl). An attacker can exploit this to take control of your computer remotely.

Technical detail

A remote code execution vulnerability exists in Windows Media Center (Vista SP2, 7 SP1, 8.1) where processing a maliciously crafted .mcl file allows arbitrary code execution with user privileges. Attack vector is via user interaction with a malicious Media Center link file; requires the victim to open the crafted file.

Summary generated and translated by AI from the official description.
Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.