CVE-2015-0096

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1

Description A remote code execution issue exists due to improper handling of DLL files by Microsoft Windows, allowing an attacker to gain complete control of an affected system. This could enable the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights. The issue can be exploited via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut.

Recommendations For Microsoft Windows Server 2003 SP2, apply the official fix. For Microsoft Windows Vista SP2, apply the official fix. For Microsoft Windows Server 2008 SP2 and R2 SP1, apply the official fix. For Microsoft Windows 7 SP1, apply the official fix. For Microsoft Windows 8, apply the official fix. For Microsoft Windows 8.1, apply the official fix. For Microsoft Windows Server 2012 Gold and R2, apply the official fix. For Microsoft Windows RT Gold and 8.1, apply the official fix.