CVE-2014-4060
Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability."
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.2767 (27.7%)
Percentile: 96.5%
EPSS: 2026-05-06
Affects
microsoft:windows_media_centermicrosoft:windows_8microsoft:windows_8.1microsoft:windows_media_center_tv_packmicrosoft:windows_7microsoft:windows_vistaTechnical description
Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability."
Published: 8/12/2014, 9:55:07 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://secunia.com/advisories/60671
- http://www.securityfocus.com/bid/69093
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-043
- http://secunia.com/advisories/60671
- http://www.securityfocus.com/bid/69093
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-043