CVE-2015-1681
Description
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka "Microsoft Management Console File Format Denial of Service Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Opening a crafted .msc file causes a denial of service in Microsoft Management Console on various Windows versions; fixed in MS15-054.
Vulnerability
A denial of service vulnerability exists in the Microsoft Management Console file format, affecting Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 [1]. The flaw occurs when the MMC process parses a specially crafted .msc file, leading to improper validation of destination buffers [1].
Exploitation
An unauthenticated remote attacker must convince a user to open a specially crafted .msc file, for example by hosting it on a network share or sending it via email [1]. The attacker cannot force the user to open the file; user interaction is required [1]. The exploit sequence involves the user opening the malicious .msc file, triggering the vulnerable code path in the MMC snap-in loader [1].
Impact
Successful exploitation causes a denial of service, as the Microsoft Management Console process exits or becomes unresponsive, potentially preventing legitimate administrative tools from functioning [1]. The impact is limited to availability; no elevation of privilege or data compromise occurs [1].
Mitigation
Microsoft released security update MS15-054 (KB3051768) on May 12, 2015, which addresses the vulnerability by correcting the buffer validation logic [1]. Administrators should apply the update via Windows Update or direct download. No workarounds are documented [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
14- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*+ 2 more
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- (no CPE)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-054nvdPatchVendor Advisory
- www.securityfocus.com/bid/74486nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1032286nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.