The specific flaw exists within the processing of VCard files. Crafted data in a VCard file can cause Windows to display a dangerous hyperlink. The user interface fails to provide any indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user.
An attacker can create a specially crafted VCard file that contains in the contact’s website URL field that points to a local executable file. This second file can be sent within a zipped file as an email attachment or delivered via drive-by-download attacks.
User interaction is required for the exploitation of this flaw. victims have to visit a specially crafted page or open a file that is malicious.
Execution of arbitrary code.
Users are advised not to click on the additional hyperlink provided or visit a malicious page or malicious site.
If you think you’re a victim of a cyber-attack, immediately send an email to firstname.lastname@example.org.