Oval Definition:oval:org.cisecurity:def:776
Revision Date:2016-07-15Version:8
Title:Windows Media Center Remote Code Execution Vulnerability - CVE-2016-0185 (MS16-059)
Description:Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-0185
Platform(s):Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Vista
Product(s):Windows Media Center
Definition Synopsis
  • Vista + vulnerable file version
  • Vista/2008
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • AND vulnerable version
  • Check if the version of Ehshell.dll is less than 6.0.6002.19634
  • OR LDR
  • Check if the version of Ehshell.dll is less than 6.0.6002.23948
  • AND Check if the version of Ehshell.dll is greater than or equal to 6.0.6002.23000
  • OR Win7 + vulnerable file version
  • Win7
  • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • AND vulnerable version
  • Check if the version of Ehshell.dll is less than 6.1.7600.17545
  • OR LDR
  • Check if the version of Ehshell.dll is less than 6.1.7601.23434
  • AND Check if the version of Ehshell.dll is greater than or equal to 6.1.7601.23000
  • OR Win8.1 + vulnerable file version
  • Win8.1
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • AND Check if the version of Ehshell.dll is less than 6.3.9600.18299
    • BACK