CVE-2015-1728 | Vulnerability Database | Aqua Security

Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka Windows Media Player RCE via DataObject Vulnerability.

Affected Software

Name	Vendor	Start Version	End Version
Windows_media_player	Microsoft	10 (including)	10 (including)
Windows_media_player	Microsoft	10.00.00.3646 (including)	10.00.00.3646 (including)
Windows_media_player	Microsoft	10.00.00.3990 (including)	10.00.00.3990 (including)
Windows_media_player	Microsoft	10.00.00.4019 (including)	10.00.00.4019 (including)
Windows_media_player	Microsoft	10.00.00.4036 (including)	10.00.00.4036 (including)
Windows_media_player	Microsoft	11 (including)	11 (including)
Windows_media_player	Microsoft	11.0.5721.5145 (including)	11.0.5721.5145 (including)
Windows_media_player	Microsoft	11.0.5721.5230 (including)	11.0.5721.5230 (including)
Windows_media_player	Microsoft	11.0.6000.6324 (including)	11.0.6000.6324 (including)
Windows_media_player	Microsoft	12 (including)	12 (including)

References

http://www.securitytracker.com/id/1032522
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-057
https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1200

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-1728
CWE	https://cwe.mitre.org/data/definitions/17.html