Advisory Details

This vulnerability allows an attacker to cause a denial of service condition on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit open a malicious directory or device.

The specific flaw exists within the handling of Microsoft Management Console Snap-in Control files (.msc files). These files can contain encoded icons for display in the Windows shell or common file dialogs. By malforming this icon information, an attacker can overflow a statically allocated buffer on the stack and cause a denial of service condition. Because this is exposed through the common file dialogs, third-party applications or extensions may also be vulnerable to denial of service or execution of arbitrary code.

• 2015-02-17 - Vulnerability reported to vendor
• 2015-05-12 - Coordinated public release of advisory