SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Common Controls F12 Developer Tools Use-After-Free Memory Error Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1032524
SecurityTracker URL:  http://securitytracker.com/id/1032524
CVE Reference:   CVE-2015-1756   (Links to External Site)
Date:  Jun 9 2015
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs
Description:   A vulnerability was reported in Microsoft Common Controls. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted link that, when loaded by the target user and when the target user subsequently invokes the F12 Developer Tools in Internet Explorer, will trigger a use-after-free memory error and execute arbitrary code on the target user's system.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix.

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=04d7e9e0-fcd9-4d4b-bb3e-0837d22209b8

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=cf29b3b4-e6d5-42ff-9fff-90178b6ea566

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=55380f74-e555-46b2-903c-005b520fbb6e

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=077ad4b6-78d9-4c32-9608-8576b373974f

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=2dc2ff56-8171-444f-b634-51dc9ffae6d1

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=522b5051-5055-497f-ad6c-d0c7a3e359c1

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=bd41e5f2-4c24-41c3-a01d-1455f6bf708a

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=43a34f07-e7f4-4d7f-b152-2833ffe54169

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=9591f9ea-7d10-4991-9e43-25b405065eb0

Windows 8 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=52314b43-50dc-47d4-89ea-ae6b95f69def

Windows 8 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=e9e6a547-a85e-4f05-bfa9-cdeda0234ce9

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=0649402a-e586-446e-ab4e-fed805ff4915

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=eb0d4f03-d7a4-440f-a805-b6e9f210e986

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=245f31e1-5237-4e3d-bcf3-22d70f8ed7a2

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=080cef8e-ecf4-4a57-bffd-64aa504f40d7

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=55380f74-e555-46b2-903c-005b520fbb6e

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=077ad4b6-78d9-4c32-9608-8576b373974f

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=43a34f07-e7f4-4d7f-b152-2833ffe54169

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=245f31e1-5237-4e3d-bcf3-22d70f8ed7a2

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=080cef8e-ecf4-4a57-bffd-64aa504f40d7

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-060

Vendor URL:  technet.microsoft.com/library/security/ms15-060 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC