POP3: Local Link in Hyperlink
This signature detects a locally referenced hyper-link in an HTML formatted e-mail. Windows Mail is vulnerable. Such links can bypass access controls and allow arbitrary code execution.
Extended Description
Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error. An attackers may exploit this issue to execute local files. The attacker must entice a victim into opening a maliciously crafted link using the affected application. The vendor reports this issue can also be exploited through use of UNC navigation to execute arbitrary remote code. This may facilitate a remote compromise of the affected computer.
Affected Products
Microsoft windows_vista
References
BugTraq: 23103
CVE: CVE-2007-1658
URL: http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx
Short Name
POP3:OUTLOOK:LOCAL-LINK
Severity
Minor
Recommended
False
Recommended Action
None
Category
POP3
Keywords
CVE-2007-1658 Hyperlink Link Local bid:23103 in
Release Date
06/12/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Occasionally
Vendors
Microsoft
CVSS Score
9.3