
SANS ISC: InfoSec Handlers Diary Blog



Vista's Windows Mail - program execution - CVE-2007-1658

Published: 2007-03-24
Last Updated: 2007-03-24 20:55:36 UTC
by Swa Frantzen (Version: 1)

There is public discussion of a vulnerability in Windows Mail on Microsoft Windows Vista. It centers on crafted URLs that can start programs if a similarly named directory also exists. Claims are made that this works against both local resources and UNC paths (e.g. \\server\share\path\file), which are intrinsically remote.

CVE-2007-1658 was assigned to this issue.

We're still seeking further information and will keep tracking this with the other publicly known unpatched vulnerabilities in Microsoft products.
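A gateway-side check for the class of link target described above, added here as an example and not taken from the original diary or from any vendor code: it flags links in HTML mail that point at local paths or UNC paths rather than web URLs. The diary does not give the exact trigger format, so the patterns, function names and sample message are assumptions.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import unquote

# Link targets that name a local or UNC resource instead of a web URL.
LOCAL_TARGET = re.compile(r"""^(?:
    file:                   # file: scheme
  | [\\/]{2}[^\\/]+[\\/]    # UNC path; also catches //host/ forms
  | [a-z]:[\\/]             # drive-letter path
)""", re.IGNORECASE | re.VERBOSE)

class _Links(HTMLParser):
    # Collects href/src attribute values from an HTML body.
    def __init__(self):
        super().__init__()
        self.targets = []
    def handle_starttag(self, tag, attrs):
        self.targets += [v for k, v in attrs if k in ("href", "src") and v]

def is_local_target(url):
    # Decode %xx escapes first so an encoded backslash is judged like a literal one.
    return bool(LOCAL_TARGET.match(unquote(url).strip()))

def suspicious_links(raw_message):
    """Return link targets in the HTML parts that are local or UNC paths."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = _Links()
            parser.feed(part.get_content())
            found += [t for t in parser.targets if is_local_target(t)]
    return found

# Constructed sample message (not a captured mail).
SAMPLE = r"""From: a@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="https://example.test/news">web</a>
<a href="\\server\share\path\file">unc</a>
<a href="c:/windows/placeholder">local</a>
<a href="file:///c:/placeholder">file</a>
"""
if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

Protocol-relative `//host/path` links are flagged as well, since HTML mail has no base URL to resolve them against.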

--
Swa Frantzen -- NET2S
