Vulnerabilities > CVE-2015-1756 - Use After Free vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Use-after-free vulnerability in Microsoft Common Controls in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted web site that is accessed with the F12 Developer Tools feature of Internet Explorer, aka "Microsoft Common Control Use After Free Vulnerability." CWE-416: Use After Free https://cwe.mitre.org/data/definitions/416.html
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 11 |
Common Weakness Enumeration (CWE)
Msbulletin
| bulletin_id | MS15-060 |
| bulletin_url | |
| date | 2015-06-09T00:00:00 |
| impact | Remote Code Execution |
| knowledgebase_id | 3059317 |
| knowledgebase_url | |
| severity | Important |
| title | Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS15-060.NASL |
| description | The remote Windows host is affected by a remote code execution vulnerability due to a user-after-free error in Microsoft Common Controls. A remote attacker can exploit this vulnerability by convincing a user to click a specially crafted link, resulting in the execution of arbitrary code in the context of the current user. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 84056 |
| published | 2015-06-09 |
| reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/84056 |
| title | MS15-060: Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317) |