Unrated severityNVD Advisory· Published Aug 12, 2014· Updated May 6, 2026

CVE-2014-4060

Description

Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability."

Affected products

Microsoft/Windows Media Center
cpe:2.3:a:microsoft:windows_media_center:-:*:*:*:*:*:*:*
Microsoft/Windows Media Center Tv Pack
cpe:2.3:a:microsoft:windows_media_center_tv_pack:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-043nvdPatchVendor Advisory
secunia.com/advisories/60671nvdThird Party Advisory
www.securityfocus.com/bid/69093nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.022
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000