Microsoft email flaw targets Vista users

By

Researchers have reported a vulnerability in Microsoft Vista's email client, Windows Mail, which could allow remote attackers to execute code.

Microsoft email flaw targets Vista users
Cybercrooks have persuaded users to click on a malicious URL that attempts to exploit the flaw by sending a specially crafted email, according to an IBM Internet Security Systems X-Force advisory released over the weekend.

The advisory labelled the bug "medium risk" because it requires user interaction to be exploited.

According to a National Vulnerability Database summary, The vulnerability exists because Windows Mail might allow remote attackers to execute certain programs via a link to a local file or UNC (universal naming convention) share path name in which there is a directory with the same base name as an executable program at the same level.

UNC is a filename format used to indicate the location of directories or resources to be accessed.

A Microsoft spokesman said the software giant was investigating, but not aware of any attacks exploiting the flaw.

Vista deployment rates are still low within the enteprise, with most analysts expecting the roll-over to come in the next 18 to 24 months.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?