Home

CVE-2014-4060

Description

Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka CSyncBasePlayer Use After Free Vulnerability.

Risk Information

Base Score
7.8
MODERATE
Vector
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
16.013

Associated Vulnerability

VulnerabilityOS Platform
ms14-043: vulnerability in windows media center could allow remote code execution: august 12, 2014 for Windows 7 (KB2978742)Windows
ms14-043: vulnerability in windows media center could allow remote code execution: august 12, 2014 for Windows 8 (KB2978742)Windows
ms14-043: vulnerability in windows media center could allow remote code execution: august 12, 2014 for Windows 8.1 (KB2978742)Windows
ms14-043: vulnerability in windows media center could allow remote code execution: august 12, 2014 for Windows 7 for x64-based Systems (KB2978742)Windows
ms14-043: vulnerability in windows media center could allow remote code execution: august 12, 2014 for Windows 8 for x64-based Systems (KB2978742)Windows
ms14-043: vulnerability in windows media center could allow remote code execution: august 12, 2014 for Windows 8.1 for x64-based Systems (KB2978742)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-15923Security Update for Windows 7 (KB2978742)
PATCH-15924Security Update for Windows 8 (KB2978742)
PATCH-15925Security Update for Windows 8.1 (KB2978742)
PATCH-15926Security Update for Windows 7 for x64-based Systems (KB2978742)
PATCH-15927Security Update for Windows 8 for x64-based Systems (KB2978742)
PATCH-15928Security Update for Windows 8.1 for x64-based Systems (KB2978742)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234