New Zero-day Vulnerability in Windows Systems

By

Attack exploits a flaw in the vCard electronic business card system

Security researcher John Page has found a zero-day vulnerability in Windows that could allow a remote attacker to compromise Windows machines and execute arbitrary code.

“This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows,” wrote Page.

However, there is a catch. “User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file,” he further added.

The flaw exists in the processing of vCard files. But a hacker can disguise anything in the vCard to embed a compromised link. But if any unsuspecting user clicks on the compromised URL, Windows would run the malicious software without throwing any warning.

Those who don’t know, vCard is VCF is file format used for storing contact information. Microsoft Outlook supports vCard.

Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt

01/15/2019

Related content

comments powered by Disqus