1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
49.4%
This vulnerability allows an attacker to cause a denial of service condition on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit open a malicious directory or device. The specific flaw exists within the handling of Microsoft Management Console Snap-in Control files (.msc files). These files can contain encoded icons for display in the Windows shell or common file dialogs. By malforming this icon information, an attacker can overflow a statically allocated buffer on the stack and cause a denial of service condition. Because this is exposed through the common file dialogs, third-party applications or extensions may also be vulnerable to denial of service or execution of arbitrary code.