Vigil@nce - Windows: denial of service via Microsoft Management Console MSC
July 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to load a file for the Microsoft
Management Console of Windows, in order to trigger a denial of
service.
Impacted products: Windows 2008 R0, Windows 2008 R2, Microsoft
Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista
Severity: 2/4
Creation date: 12/05/2015
DESCRIPTION OF THE VULNERABILITY
The Windows product can load modules in the Management Console,
using MSC files.
However, when this file is loaded, directly or through a network
share, a fatal error occurs.
An attacker can therefore invite the victim to load a file for the
Microsoft Management Console of Windows, in order to trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN