MS16-027: Security Update for Windows Media to Address Remote Code Execution (3143146)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple remote code execution
vulnerabilities.

Description :

The version of Microsoft Windows Media Player installed on the remote
host is affected by multiple remote code execution vulnerabilities due
to improper handling of resources in the media library. An
unauthenticated, remote attacker can exploit these vulnerabilities by
convincing a user to open specially crafted media content, resulting
in the execution of arbitrary code in the context of the current user.

See also :

https://technet.microsoft.com/library/security/ms16-027

Solution :

Microsoft has released a set of patches for Windows 7, 2008 R2, 2012,
8.1, RT 8.1, 2012 R2, and 10.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 89750 ()

Bugtraq ID: 84089
84111

CVE ID: CVE-2016-0098
CVE-2016-0101

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now