header-logo
Suggest Exploit
vendor:
Windows Vista Windows Mail
by:
SecurityFocus
8.8
CVSS
HIGH
Local File-Execution Vulnerability
94
CWE
Product Name: Windows Vista Windows Mail
Affected Version From: Microsoft Windows Vista Windows Mail
Affected Version To: Microsoft Windows Vista Windows Mail
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2007

Microsoft Windows Vista Windows Mail Local File-Execution Vulnerability

Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error. An attackers may exploit this issue to execute local files. The attacker must entice a victim into opening a maliciously crafted link using the affected application. The vendor reports this issue can also be exploited through use of UNC navigation to execute arbitrary remote code. This may facilitate a remote compromise of the affected computer.

Mitigation:

Users should avoid opening links from untrusted sources.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23103/info

Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error.

An attackers may exploit this issue to execute local files. The attacker must entice a victim into opening a maliciously crafted link using the affected application.

The vendor reports this issue can also be exploited through use of UNC navigation to execute arbitrary remote code. This may facilitate a remote compromise of the affected computer. 

Content-Type: text/html\r\n\r\n<a href=\"c:/windows/system32/winrm?\">Click here!</a>

Navigation

Suggest Exploit

Services By CQR