vendor:
Windows 7
by:
Francisco Falcon
3,3
CVSS
MEDIUM
Use of Incorrectly-Resolved Name or Reference [CWE-706]
706
CWE
Product Name: Windows 7
Affected Version From: Windows 7 for x64-based Systems Service Pack 1 (with Internet Explorer 11 installed)
Affected Version To: Other versions are probably affected too, but they were not checked.
Patch Exists: Yes
Related CWE: CVE-2015-6127
CPE: o:microsoft:windows_7::sp1:x64
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2015
Microsoft Windows Media Center link file incorrectly resolved reference
The 'application' tag in Microsoft Windows Media Center link files (.mcl extension) can include a 'run' parameter, which indicates the path of a file to be launched when opening the MCL file, or a 'url' parameter, which indicates the URL of a web page to be loaded within the Media Center's embedded web browser. A specially crafted MCL file having said 'url' parameter pointing to the MCL file itself can trick Windows Media Center into rendering the very same MCL file as a local HTML file within the Media Center's embedded web browser.
Mitigation:
Microsoft posted the following Security Bulletin: MS15-134
