Скачать или смотреть Windows Contact File HTML Injection RCE 0day / ZDI-CAN-7591

This was the last of three different vulnerabilities I reported to ZDI that Microsoft choose not to fix, a .VCF file vulnerability and two other separate vulnerabilities affecting Windows .Contact files.
https://www.zerodayinitiative.com/adv...

http://hyp3rlinx.altervista.org/advis...

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw is due to the processing of ".contact" files, the E-mail address field takes an expected E-mail address value, however the .CONTACT file is vulnerable to HTML injection so if an attacker references an executable file using an HREF tag it will run that instead without warning instead of performing the expected email behavior. This is dangerous and would be unexpected to an end user.