CVE-2014-4060

Published: Aug 12, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability."

Affected (2)

Products: Microsoft: Windows Media Center, Windows Media Center Tv Pack

Microsoft

2 products

Windows Media Center

Windows Media Center Tv Pack

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Microsoft Windows Media Center	All versions

Running on/with	Platform Versions
Microsoft Windows 8	All versions
Microsoft Windows 8.1	All versions

Configuration B

1 vulnerable · 13 platform

Vulnerable Software	Affected Versions
Microsoft Windows Media Center Tv Pack	All versions

Running on/with	Platform Versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows Vista	All versions