Windows Media Center Information Disclosure Vulnerability CVE-2015-6127 (Jan 22, 2016)

Windows Media Center (WMC) is a digital video recorder and media player created by Microsoft. WMC allows remote attackers to read arbitrary files via a crafted .mcl file, aka “Windows Media Center Information Disclosure Vulnerability”.

An .mcl file has an application tag that takes a run parameter. When the file is opened, whatever is in the run parameter gets executed. For example, if we create a simple .mcl file which looks like this and click it, the calculator pops up.

The application element can also have a url parameter. The URL or file named in this parameter is rendered as HTML in WMC’s embedded browser. So if the url parameter points to itself (the same .mcl file), this file will be executed as HTML in WMC’s embedded browser. An attacker can create a specially crafted .mcl file which reads information from the user’s local system and sends it to the attacker’s website.

As shown in the code below, the url parameter in the newSong.mcl file points to itself. When the user clicks the .mcl file it will launch, and the script in the .mcl file will upload the “calc.exe” file to the attacker’s website.

Due to this vulnerability (CVE-2015-6127), the attacker can disclose information or steal documents from the victim’s computer.
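A file-side triage check for the two behaviours described above, as an added example that is not part of the original post or of the SonicWALL signature: it flags an application tag with a run parameter, and the disclosure pattern where the url parameter names the .mcl file itself while the file carries script. The function names, rule labels and sample files are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Regex-based on purpose: a file that doubles as HTML is often not well-formed XML.
APP_TAG = re.compile(r"<application\b([^>]*)>", re.I | re.S)
ATTR = re.compile(r"""([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")
SCRIPT_TAG = re.compile(r"<script\b", re.I)


def triage_mcl(filename, text):
    """Return (rule, detail) findings for the content of one .mcl file."""
    findings = []
    own_name = PureWindowsPath(filename).name.lower()
    for tag in APP_TAG.finditer(text):
        attrs = {n.lower(): (dq or sq) for n, dq, sq in ATTR.findall(tag.group(1))}
        if "run" in attrs:
            findings.append(("run-attribute", attrs["run"]))
        url = attrs.get("url", "")
        # Drop any query/fragment, then compare the last path component.
        target = PureWindowsPath(re.split(r"[?#]", url)[0]).name.lower()
        if url and target == own_name:
            findings.append(("self-referencing-url", url))
    if SCRIPT_TAG.search(text):
        findings.append(("embedded-script", "<script> present"))
    return findings


def is_disclosure_pattern(findings):
    """True when the file points WMC's browser at itself and carries script."""
    rules = {rule for rule, _ in findings}
    return {"self-referencing-url", "embedded-script"} <= rules


# Constructed samples (not from the original post); the script body is a placeholder.
SAMPLES = {
    "calc.mcl": '<application run="calc.exe"></application>',
    "newSong.mcl": '<application url="newSong.mcl">\n'
                   '<html><script>/* placeholder */</script></html>\n'
                   '</application>',
    "guide.mcl": '<application url="http://media.example/guide.html"></application>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        result = triage_mcl(name, body)
        print(name, result, "DISCLOSURE-PATTERN" if is_disclosure_pattern(result) else "")
```
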

The Dell SonicWALL Threat Research Team has researched this vulnerability and released the following signature to protect their customers.

  • IPS 11327 : Windows Media Center Information Disclosure (MS15-134)

Microsoft Security Bulletin Coverage (December 8, 2015)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for December 8, 2015. A list of issues reported, along with Dell SonicWALL coverage information, is as follows:

MS15-124 Cumulative Security Update for Internet Explorer

  • CVE-2015-6083 Internet Explorer Memory Corruption Vulnerability
    IPS: 11316 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 1”
  • CVE-2015-6134 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6135 Scripting Engine Information Disclosure Vulnerability
    IPS: 11317 “Microsoft Scripting Engine Information Disclosure Vulnerability (MS15-124)”
  • CVE-2015-6136 Scripting Engine Memory Corruption Vulnerability
    IPS: 11324 “Microsoft Scripting Engine Memory Corruption Vulnerability (MS15-124)”
  • CVE-2015-6138 Internet Explorer XSS Filter Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6139 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6140 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11325 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 1”
  • CVE-2015-6141 Internet Explorer Memory Corruption Vulnerability
    IPS: 7645 “HTTP Client Shellcode Exploit 88”
  • CVE-2015-6142 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11326 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 2”
  • CVE-2015-6143 Internet Explorer Memory Corruption Vulnerability
    IPS: 11318 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 3”
  • CVE-2015-6144 Microsoft Browser XSS Filter Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6145 Internet Explorer Memory Corruption Vulnerability
    IPS: 3930 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 2”
  • CVE-2015-6146 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6147 Internet Explorer Memory Corruption Vulnerability
    IPS: 11319 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 4”
  • CVE-2015-6148 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6149 Internet Explorer Memory Corruption Vulnerability
    IPS: 7645 “HTTP Client Shellcode Exploit 88”
  • CVE-2015-6150 Internet Explorer Memory Corruption Vulnerability
    IPS: 11320 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 1”
  • CVE-2015-6151 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6152 Internet Explorer Memory Corruption Vulnerability
    IPS: 11321 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 6”
  • CVE-2015-6153 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6154 Microsoft Browser Memory Corruption Vulnerability
    GAV: “Malformed.html.TL.265”
  • CVE-2015-6155 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6156 Internet Explorer Memory Corruption Vulnerability
    IPS: 11322 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 7”
  • CVE-2015-6157 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6158 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6159 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11330 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 3”
  • CVE-2015-6160 Internet Explorer Memory Corruption Vulnerability
    IPS: 11323 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 8”
  • CVE-2015-6161 Microsoft Browser ASLR Bypass
    There are no known exploits in the wild.
  • CVE-2015-6162 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS15-125 Cumulative Security Update for Microsoft Edge

  • CVE-2015-6139 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6140 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11325 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 1”
  • CVE-2015-6142 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11326 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 2”
  • CVE-2015-6148 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6151 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6153 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6154 Microsoft Browser Memory Corruption Vulnerability
    GAV: “Malformed.html.TL.265”
  • CVE-2015-6155 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6158 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6159 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11330 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 3”
  • CVE-2015-6168 Microsoft Edge Memory Corruption Vulnerability
    IPS: 11328 “Microsoft Edge Memory Corruption Vulnerability (MS15-125)”
  • CVE-2015-6169 Microsoft Edge Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6170 Microsoft Edge Elevation of Privilege Vulnerability
    IPS: 11329 “Microsoft Edge Elevation of Privilege Vulnerability (MS15-125)”
  • CVE-2015-6176 Microsoft Edge XSS Filter Bypass Vulnerability
    There are no known exploits in the wild.

MS15-126 Cumulative Security Update for Jscript and VBScript to Address Remote Code Execution

  • CVE-2015-6135 Scripting Engine Information Disclosure Vulnerability
    IPS: 11317 “Microsoft Scripting Engine Information Disclosure Vulnerability (MS15-124)”
  • CVE-2015-6136 Scripting Engine Memory Corruption Vulnerability
    IPS: 11324 “Microsoft Scripting Engine Memory Corruption Vulnerability (MS15-124)”

MS15-127 Security Update for Microsoft Windows DNS to Address Remote Code Execution

  • CVE-2015-6125 Windows DNS Use After Free Vulnerability
    There are no known exploits in the wild.

MS15-128 Security Updates for Microsoft Graphics Component to Address Remote Code Execution

  • CVE-2015-6106 Graphics Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6107 Graphics Memory Corruption vulnerability
    SPY: 4276 “Malformed-File doc.MP.30”
  • CVE-2015-6108 Graphics Memory Corruption vulnerability
    There are no known exploits in the wild.

MS15-129 Security Update for Silverlight to Address Remote Code Execution

  • CVE-2015-6114 Microsoft Silverlight Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6165 Microsoft Silverlight Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6166 Microsoft Silverlight RCE Vulnerability
    There are no known exploits in the wild.

MS15-130 Security Update for Microsoft Uniscribe to Address Remote Code Execution

  • CVE-2015-6130 Windows Integer Underflow Vulnerability
    SPY: 3223 “Malformed-File ttf.MP.7”

MS15-131 Security Update for Microsoft Office to Address Remote Code Execution

  • CVE-2015-6040 Microsoft Office Memory Corruption Vulnerability
    SPY: 3226 “Malformed-File xls.MP.51”
  • CVE-2015-6118 Microsoft Office Memory Corruption Vulnerability
    SPY: 1007 “Malformed-File doc.MP.33”
  • CVE-2015-6122 Microsoft Office Memory Corruption Vulnerability
    SPY: 3224 “Malformed-File xls.MP.50”
  • CVE-2015-6124 Microsoft Office Memory Corruption Vulnerability
    SPY: 3225 “Malformed-File doc.MP.35”
  • CVE-2015-6172 Microsoft Office RCE Vulnerability
    SPY: 3863 “KeywordFind.B Installer”
  • CVE-2015-6177 Microsoft Office Memory Corruption Vulnerability
    SPY: 1008 “Malformed-File xls.MP.49”

MS15-132 Security Update for Microsoft Windows to Address Remote Code Execution

  • CVE-2015-6128 Windows library loading elevation of privilege vulnerability
    SPY: 1010 “Malformed-File doc.MP.34”
  • CVE-2015-6177 Windows library loading elevation of privilege vulnerability
    SPY: 1011 “Malformed-File ppsx.MP.1”
  • CVE-2015-6177 Windows library loading elevation of privilege vulnerability
    SPY: 2345 “Malformed-File ppt.MP.4”

MS15-133 Security Update for Windows PGM to Address Elevation of Privilege

  • CVE-2015-6126 Windows PGM UAF Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS15-134 Security Update for Windows Media Center to Address Remote Code Execution

  • CVE-2015-6127 Windows Media Center Information Disclosure Vulnerability
    IPS: 11327 “Windows Media Center Information Disclosure Vulnerability”
  • CVE-2015-6131 Media Center Library parsing RCE vulnerability
    There are no known exploits in the wild.

MS15-135 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege

  • CVE-2015-6171 Windows Kernel Memory Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-6173 Windows Kernel Memory Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-6174 Windows Kernel Memory Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-6175 Windows Kernel Memory Elevation of Privilege Vulnerability
    This is a local vulnerability.