Vulnerability in Windows Media Player Could Allow Remote Code Execution (MS15-057)

ITS Advisory Number: 
2015-061
Date(s) Issued: 
Tuesday, June 9, 2015
Subject: 
Vulnerability in Windows Media Player Could Allow Remote Code Execution (MS15-057)
Overview: 

A vulnerability has been discovered in Windows Media Player that could allow remote code execution if Windows Media Player opens specially crafted media content hosted on a malicious website. Successful exploitation of this vulnerability could lead to an attacker gaining the same rights to the box as the logged in user, execute arbitrary code and possibly command line access to the system. This could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Windows Server 2003
  • Windows Server 2008
  • Windows Serever 2008 R2
  • Windows Vista
  • Windows 7
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

A vulnerability has been discovered in Windows Media Player that could allow remote code execution if Windows Media Player opens specially crafted media content hosted on a malicious website. To exploit this vulnerability a user must open a specially crafted DataObject in Windows Media Player. The security update addresses the vulnerability by correcting how Windows Media Player handles DataObjects.

Successful exploitation of this vulnerability could lead to an attacker gaining the same rights to the box as the logged in user, execute arbitrary code and possibly command line access to the system. This could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 

We recommend the following actions be taken:

  • Apply appropriate patches provided by Microsoft to affected systems immediately after appropriate testing.
  • Remind users not to download or open files from un-trusted websites, unknown users, or suspicious emails.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.