Microsoft Comctl32 Arbitrary Code Execution Vulnerability



A vulnerability in the comctl32.dll component of Microsoft Windows could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to improper memory operations that are performed by the affected software. An attacker could exploit the vulnerability by persuading a user to access a file that submits malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely.

Microsoft confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-0765

Source: Cisco Multivendor Vulnerability Alerts