Technology news and Jobs 
Information Technology News Vista users threatened by Windows Mail exploit
Information Technology News Vista users threatened by Windows Mail exploit | Vista users threatened by Windows Mail exploit |
|
|
|
| Written by Stan Beer | |
| Saturday, 24 March 2007 | |
|
According to the Kingcope: "Remote Code Execution is possible if a user clicks on a malicious prepared link. Vistas Mail Client will execute any executable file if a folder exists with the same name. For example the victim has a folder in C:\ named blah and a batch script named blah.bat also in C:\. Now if the victim clicks on a link in the email message with the URL target set to C:\blah the batch script is executed without even asking. There is for example a CMD script by default in C:\Windows\System32\ named winrm.cmd (and also a folder named winrm inside System32)." Needless to say, the description provides a perfect example as to why email recipients should not click on links from unknown sources.
Kingcope had previously on March 10 posted a message to the Full
Disclosure list advertising zero day exploits for sale.{moscomment}
Get stories like this delivered daily - FREE - subscribe now When you subscribe get a 12 months license for LiveProject Valued at $99 USD  Download the FREE iTWire desktop alert widget
  |
Tags
| < Prev | Next > |
|---|
Subscribe to iTWire's daily e-newsletter now and get a FREE 12 month license to project management software valued at $99 USD. 
