It may have seen a vCard attached to an e-mail note someone has sent you. Although the attack requires user’s interaction, leaving the vulnerability unpatched would leave an opportunity for sophisticated attackers to target Windows users at large.Ī vCard is an electronic business (or personal) card and also the name of an industry specification for the kind of communication exchange that is done on business or personal cards. If a victim clicks ton suspicious website URL, the Windows operating system would run the malicious executable without displaying any warning, instead of opening the web address on the browser. A remote attacker can maliciously craft a VCard file in a way that the contact’s website URL stored within the file points to a local executable file, which can be sent within a zipped file via an email or delivered separately via drive-by-download techniques. Under a certain scenario it could allow a remote attacker to execute arbitrary code on Windows machine. A zero-day vulnerability has been discovered and reported in the Microsoft’s Windows operating system.
0 kommentar(er)
