CVE-2015-6127 : Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, a

Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center Information Disclosure Vulnerability."

Published 2015-12-09 11:59:13

Updated 2019-05-15 14:04:43

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2015-6127

Microsoft » Windows Vista » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8 » Version: N/A
cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-6127

EPSS FAQ

81.94%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-6127

MS15-134 Microsoft Windows Media Center MCL Information Disclosure

Disclosure Date: 2015-12-08

First seen: 2020-04-26

auxiliary/server/ms15_134_mcl_leak

This module exploits a vulnerability found in Windows Media Center. It allows an MCL file to render itself as an HTML document in the local machine zone by Internet Explorer, which can be used to leak files on the target machine. Please be aware that if this exploit

More information

CVSS scores for CVE-2015-6127

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2015-6127

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-6127

http://www.securityfocus.com/bid/78516

Microsoft Windows CVE-2015-6127 Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1034335

Windows Media Center '.mcl' File Processing Flaw Lets Remote Users Execute Arbitrary C ode - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-134

Microsoft Security Bulletin MS15-134 - Important | Microsoft Docs
Patch;Vendor Advisory

CVEs referencing this url
https://www.exploit-db.com/exploits/38912/

Microsoft Windows Media Center - '.Link' File Incorrectly Resolved Reference (MS15-134)
Exploit;Third Party Advisory;VDB Entry

Jump to