The flaw exists in the processing of vCard files, but a hacker can disguise anything in the vCard to embed a compromised link. If any unsuspecting user clicks on the compromised URL, Windows would run the malicious software without throwing any warning.
For those who don't know, vCard is a VCF file format used for storing contact information. Microsoft Outlook supports vCard.
Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt
沒有留言:
張貼留言