Technology news and Jobs arrow Information Technology News arrow Vista users threatened by Windows Mail exploit
Vista users threatened by Windows Mail exploit E-mail
by Stan Beer   
Saturday, 24 March 2007
After months of touting Vista as the answer to the prayers of users seeking a secure Windows operating system, a new critical vulnerability has arisen as a retort to  Microsoft's claims. The vulnerability in Vista's email client Windows Mail would qualify for critical status, allowing a remote code execution exploit, if addressed by Microsoft under its monthly patching cycle.

Featured Whitepaper

5 Best Practices for Smartphone Support
The vulnerability in Windows Mail, the successor to Outlook Express, which was exposed on the Full Disclosure security mailing list by a hacker called Kingcope, has been acknowledged by Microsoft which is reported to be investigating further.

According to the Kingcope: "Remote Code Execution is possible if a user clicks on a malicious prepared link. Vistas Mail Client will execute any executable file if a folder exists with the same name. For example the victim has a folder in C:\ named blah and a batch script named blah.bat also in C:\. Now if the victim clicks on a link in the email message with the URL target set to C:\blah the batch script is executed without even asking. There is for example a CMD script by default in C:\Windows\System32\ named winrm.cmd (and also a folder named winrm inside System32)."

Needless to say, the description provides a perfect example as to why email recipients should not click on links from unknown sources.

Kingcope had previously on March 10 posted a message to the Full Disclosure list advertising zero day exploits for sale.{moscomment}


Tags See All Tags


Microsoft  Security  Stan Beer  Vista  Windows 
Powered By Joomla Tags

Please enable JavaScript in your browser to post your comment!
 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
 694,279
Subscribers 15,210
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff

- Advertisement -

Featured Whitepapers

...More

Business & IT Transformation Roles

  Sydney CBD
Project C
...More

Today on iTWireToday on iTWire

Latest news
Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

iTWire and you

Contact , Register , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page , Advertise with iTWire , Subscribe to SMS headlines , White Papers