There is public discussion about a vulnerability in Microsoft Windows Vista's Windows Mail. It centers around crafted URLs that are able to start programs if a similarly named directory exists as well. Claims are made this works against both local resources and UNC paths (e.g. \\server\share\path\file ) which are intrinsically remote. CVE-2007-1658 was assigned to this issue. We're still seeking further information and will keep tracking this with the other publicly known unpatched vulnerabilities in Microsoft products. -- |
Swa 760 Posts Mar 24th 2007 |
Thread locked Subscribe |
Mar 24th 2007 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!