CVE-2015-1756

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description The issue is related to a use-after-free vulnerability in Microsoft Common Controls, allowing user-assisted remote attackers to execute arbitrary code via a crafted web site accessed with the F12 Developer Tools feature of Internet Explorer. This vulnerability can be exploited by a remote attacker to gain the same user rights as the current user. If the current user has administrative user rights, the attacker could take complete control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider disabling the F12 Developer Tools feature of Internet Explorer until a patch is available. Restrict access to crafted web sites to minimize the risk of exploitation.