Microsoft Windows .MSC Stack Buffer Overflow Denial of Service Vulnerability

This vulnerability allows an attacker to cause a denial of service condition on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit open a malicious directory or device. The specific flaw exists within the handling of Microsoft Management Console Snap-in Control files (.msc files). These files can contain encoded icons for display in the Windows shell or common file dialogs. By malforming this icon information, an attacker can overflow a statically allocated buffer on the stack and cause a denial of service condition. Because this is exposed through the common file dialogs, third-party applications or extensions may also be vulnerable to denial of service or execution of arbitrary code.