CVE-2014-4060
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability."
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@microsoft.com — https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-043
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| windows | - | not-affected | |
| windows | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| microsoft | windows_media_center | - | |
| microsoft | windows_media_center_tv_pack | - | |
References
- http://secunia.com/advisories/60671
- http://www.securityfocus.com/bid/69093
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-043
- http://secunia.com/advisories/60671
- http://www.securityfocus.com/bid/69093
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-043
CWEs
CWE-416
Verify integrity in audit chain (admin only). AS-IS.