CVE-2015-6131

Windows Media Center - Remote Code Execution via Crafted .mcl File

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6131. PoCs published by Eduardo Braun Prado.

AI-analyzed exploit summary: The exploit leverages a vulnerability in Microsoft Windows Media Center where MCL files can reference themselves as HTML pages, allowing arbitrary code execution via ADO ActiveX Objects in the local machine security zone. The PoC includes self-executing MCL files and a multi-stage payload to achieve RCE.

Description

Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted .mcl file, aka "Media Center Library Parsing RCE Vulnerability."

Exploits (1)

exploitdb WORKING POC
by Eduardo Braun Prado · text · remote · windows
https://www.exploit-db.com/exploits/38911

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows Media Center (latest version on any Windows OS)
No auth needed
Prerequisites: Victim must open the malicious MCL file · SMB share access for secondary payload delivery
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034335
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-134
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38911/

Scores

EPSS 0.3357
EPSS Percentile 98.2%

Details

CWE: CWE-20
Status: published
Products (4)
microsoft/windows_7
microsoft/windows_8
microsoft/windows_8.1
microsoft/windows_vista
Published: Dec 09, 2015
Tracked Since: Feb 18, 2026