📄 Microsoft MMC (.MSC) File Execution Abuse Leading / Admin Creation

This Metasploit local Windows exploit module abuses the way Microsoft Management Console MMC processes specially crafted .msc files to achieve arbitrary PowerShell execution when a user opens the file. The payload is designed to create a new local administrator account or execute a custom command...

Exploit for Improper Neutralization in Microsoft

CVE-2025-26633 - Microsoft Management Console .msc EvilTwin...

Microsoft Windows MSC File Insufficient UI Warning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

MS15-054: Vulnerability in Microsoft Management Console file format could allow denial of service: May 12, 2015

MS15-054: Vulnerability in Microsoft Management Console file format could allow denial of service: May 12, 2015 Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote, unauthenticated attacker convinces a user to ope...

Microsoft Management Console Denial of Service Vulnerability

Microsoft Windows is a popular operating system. A security vulnerability in the Microsoft Windows Management Console's handling of the special '.msc' file allows an attacker to exploit the vulnerability to trick users into loading the file for a denial-of-service attack...

CVE-2015-1681

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka "Microsoft Management Console File Format Denial of...

Microsoft Management Console File Format Denial of Service (MS15-054; CVE-2015-1681)

A denial of service vulnerability has been reported in Microsoft Management Console. The vulnerability exists when Windows attempts to access a specially crafted .msc file to retrieve the icon information, and then fails to properly validate a destination buffer. A remote attacker can exploit thi...