Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
SEVERITY: HIGH
ANALYSIS SUMMARY
The specific flaw exists within the processing of VCard files. Crafted data in a VCard file can cause Windows to display a dangerous hyperlink. The user interface fails to provide any indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user.
An attacker can create a specially crafted VCard file that contains in the contact’s website URL field that points to a local executable file. This second file can be sent within a zipped file as an email attachment or delivered via drive-by-download attacks.
User interaction is required for the exploitation of this flaw. victims have to visit a specially crafted page or open a file that is malicious.
IMPACT
Execution of arbitrary code.
AFFECTED PRODUCTS
Microsoft Windows
REMEDIATION
Users are advised not to click on the additional hyperlink provided or visit a malicious page or malicious site.
If you think you’re a victim of a cyber-attack, immediately send an email to soc@rewterz.com.