Vulnerability in Microsoft Windows_media_player

CVE-2015-1728

Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability."

EPSS: 0.269 (96.5th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows_media_player — versions 10, 10.00.00.3646, 10.00.00.3990
N/a — versions n/a

Weakness classification (CWE)

CWE-17

References

1032522 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20150701 Microsoft Windows Media Player DataObject Switch Memory Corruption Vulnerability (x_refsource_IDEFENSE, Third Party Advisory, VDB Entry, third-party-advisory)
MS15-057 (x_refsource_MS, vendor-advisory)