Microsoft Windows Vista - Windows Mail Local File Execution

EDB-ID:

29771

Author:

kingcope

Type:

remote

Platform:

Windows

Published:

2007-03-23

source: http://www.securityfocus.com/bid/23103/info

Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error.

An attackers may exploit this issue to execute local files. The attacker must entice a victim into opening a maliciously crafted link using the affected application.

The vendor reports this issue can also be exploited through use of UNC navigation to execute arbitrary remote code. This may facilitate a remote compromise of the affected computer. 

Content-Type: text/html\r\n\r\n<a href=\"c:/windows/system32/winrm?\">Click here!</a>