Tuesday, March 27, 2007

Windows Mail URL Bug Lets Remote Users Cause Existing Code on the Target User's System to Be Executed

SecurityTracker Alert ID: 1017816
SecurityTracker URL: http://securitytracker.com/id?1017816
CVE Reference: CVE-2007-1658
Date: Mar 26 2007
Impact: Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Description: A vulnerability was reported in Windows Mail. A remote user can cause code to be executed on the target user's system without warning when the user clicks on a link.

A remote user can send an e-mail message containing a specially crafted link that, when loaded by the target user, will execute an arbitrary existing executable file located on the target user's system. The executable will run without warning and will run with the privileges of the target user.

Kingcope discovered this vulnerability.
Impact: A remote user can cause existing code located on the target user's system to be executed with the privileges of the target user when the user clicks on a specially crafted link.
Solution: No solution was available at the time of this entry.
Vendor URL: www.microsoft.com/
Cause: State error
Underlying OS: Windows (Vista)
Reported By: "Kingcope"