Vista's Windows Mail vulnerable to file execution attack

A design error in Microsoft's Windows Mail, the e-mail application bundled into Windows Vista, could expose users to remote file execution attacks, according to a warning from security researchers.

A hacker known as "Kingcope" published proof-of-concept code to show that remote code execution is possible if a user is tricked into clicking a malicious link.

The error is that Windows Mail will execute any executable file if a folder exists with the same name. » Vista’s Windows Mail vulnerable to file-execution attack | Zero Day |

Linked by shanmuga Tuesday, 3rd April 2007 1:06AM