Vista's Windows Mail vulnerable to file-execution attack

A design error in Microsoft's Windows Mail, the e-mail application bundled into Windows Vista, could expose users to remote file-execution attacks, according to a warning from security researchers.

A hacker known as "Kingcope" published proof-of-concept code to show that remote code execution is possible if a user is tricked into clicking a malicious link.

The error is that Windows Mail will execute any executable file if a folder exists with the same name.

"For example the victim has a folder in C: named blah and a batch script named blah.bat also in C:. Now if the victim clicks on a link in the email message with the URL target set to C:\blah the batch script is executed without even asking," Kingcope explained.

If a UNC path is employed in an attack, then no local files are required to be present for this issue to be exploited.

A successful attack can facilitate remote code execution and result in unauthorized access in the context of the vulnerable user.
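Because the issue is triggered by a link whose target is a local or UNC path rather than a web address, a mail filter or triage script can flag such links before a user sees them. The following is an added example, not code from the article or from Kingcope's proof of concept; the function names, the pattern set and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Link targets that resolve to the file system instead of a web address.
PATTERNS = {
    "unc": re.compile(r"^\\\\[^\\/]+[\\/]"),        # \\host\share\...
    "drive": re.compile(r"^[A-Za-z]:([\\/]|$)"),    # C:\blah
    "file_url": re.compile(r"^file:", re.I),        # file:///C:/blah
}

class _Hrefs(HTMLParser):
    """Collects the href value of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def classify(target):
    """Return the kind of file-system target, or None for ordinary links."""
    t = target.strip()
    return next((k for k, rx in PATTERNS.items() if rx.match(t)), None)

def suspicious_links(raw_message):
    """Return (kind, href) for each file-system link in the HTML parts."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True)
        html = body.decode(part.get_content_charset() or "utf-8", "replace")
        parser = _Hrefs()
        parser.feed(html)
        findings += [(classify(h), h) for h in parser.hrefs if classify(h)]
    return findings

# Constructed sample message (raw string so the backslashes survive intact).
SAMPLE = r"""From: sender@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<a href="C:\blah">report</a> <a href="https://example.test/news">news</a>
<a href="\\fileserver.example.test\share\blah">copy</a>
<a href="file:///C:/blah">mirror</a>
"""
```

`suspicious_links(SAMPLE)` returns the three file-system links and skips the ordinary `https` one.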

Microsoft is investigating Kingcope's claim but a spokesman made it clear the company was "not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time."

"Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary," the spokesman said in an e-mailed statement.

Topics: Windows

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
