Subscribe via feed.

Microsoft Windows .contact Arbitrary Code Execution

Posted by deepcore on January 17, 2019 – 9:24 am

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to the processing of “.contact” files node param which takes an expected website value, however if an attacker references an executable file it will run that instead without warning instead of performing expected web navigation. This is dangerous and would be unexpected to an end user.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.