#VU5607 Arbitrary code execution in Windows - CVE-2015-2509
Published: February 2, 2017 / Updated: March 9, 2017
Vulnerability identifier: #VU5607
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2015-2509
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Windows
Windows
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper handling of Media Center link (.mcl) files. A remote attacker can create a specially crafted Media Center link (.mcl) file that references malicious code, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in system compromise.Note: the vulnerability was being actively exploited.
Remediation
Install update from vendor's website.