Cyber Resilience

CVE-2016-0185

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 11 May 2016

Published
11 May 2016
Modified
22 April 2026
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.8024 99.1th percentile
Risk Priority 84 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2016-0185 is a high-severity an unspecified weakness vulnerability in Microsoft Windows 7. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

The vulnerability is a remote code execution flaw in the Media Center component of Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1. It is triggered when a user opens a specially crafted Media Center link file with the .mcl extension, as described in the "Windows Media Center Remote Code Execution Vulnerability."

An attacker can exploit the issue by supplying a malicious .mcl file, for example via email or a web download, and convincing a target user to open it. Successful exploitation grants the attacker the ability to execute arbitrary code with the privileges of the logged-on user, resulting in full confidentiality, integrity, and availability impact according to the CVSS vector.

Microsoft addressed the issue in security bulletin MS16-059, which provides patches for the affected Windows versions. Public references also include exploit code on Exploit-DB and a Zero Day Initiative advisory (ZDI-16-277) that detail the flaw.

EU & UK References

Vulnerability details

Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 7
all versions
microsoft
windows 8.1
all versions
microsoft
windows vista
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of the vendor patch (MS16-059) that eliminates the .mcl parsing flaw before exploitation can occur.

preventdetect

Deploys endpoint malicious-code protection that can inspect, block, or alert on specially crafted .mcl files delivered via email or web.

prevent

Enforces least functionality by disabling or removing the Media Center component entirely on systems where it is not required, eliminating the attack surface.

References