New Zero-day Vulnerability in Windows Systems

By

Attack exploits a flaw in the vCard electronic business card system

Security researcher John Page has found a zero-day vulnerability in Windows that could allow a remote attacker to compromise Windows machines and execute arbitrary code.

“This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows,” wrote Page.

However, there is a catch. “User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file,” he further added.

The flaw exists in the processing of vCard files. But a hacker can disguise anything in the vCard to embed a compromised link. But if any unsuspecting user clicks on the compromised URL, Windows would run the malicious software without throwing any warning.

Those who don’t know, vCard is VCF is file format used for storing contact information. Microsoft Outlook supports vCard.

Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt

01/15/2019

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”> </a> <hr> </div> </div> <div class=