CVE-2015-1728

Name: CVE-2015-1728
Creator: NVD / NIST
Published: 2015-06-10T01:59:09.647+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 17.68%

Last modified Jun 17, 2026

CVE-2015-1728 is a vulnerability of currently unknown severity. Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability.". EPSS estimates a 17.68% chance of exploitation in the next 30 days.

Description

Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability."

Metrics

EPSS Probability

17.68%

96.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-17

Affected Software

Vendor	Product	Versions
Microsoft	Windows Media Player	10
Microsoft	Windows Media Player	10.00.00.3646
Microsoft	Windows Media Player	10.00.00.3990
Microsoft	Windows Media Player	10.00.00.4019
Microsoft	Windows Media Player	10.00.00.4036
Microsoft	Windows Media Player	11
Microsoft	Windows Media Player	11.0.5721.5145
Microsoft	Windows Media Player	11.0.5721.5230
Microsoft	Windows Media Player	11.0.6000.6324
Microsoft	Windows Media Player	12

References

http://www.securitytracker.com/id/1032522Third Party Advisory, VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-057
https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1200Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1032522Third Party Advisory, VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-057
https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1200Third Party Advisory, VDB Entry

Timeline

Published: Jun 10, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-1728?

Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability."

How severe is CVE-2015-1728?

Severity scoring for CVE-2015-1728 is pending analysis. The EPSS model estimates a 17.68% probability of exploitation in the next 30 days.

How do I fix CVE-2015-1728?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-1728?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST