Windows Contact File HTML Injection Mailto: Link RCE 0day ZDI-CAN-7591 from vcf
Description: This was the last of three different vulnerabilities I reported to ZDI that Microsoft chose not to fix, a .VCF file vulnerability and two other separate vulnerabilities affecting Windows .Contact files.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows.
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw is due to the processing of