SMTP: URL With Local Reference
This signature detects attempts to exploit a known vulnerability against Windows Mail Client. Versions running on Windows Vista are vulnerable. Attackers can execute code in the context of the user logged in.
Extended Description
Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error. An attackers may exploit this issue to execute local files. The attacker must entice a victim into opening a maliciously crafted link using the affected application. The vendor reports this issue can also be exploited through use of UNC navigation to execute arbitrary remote code. This may facilitate a remote compromise of the affected computer.
Affected Products
Microsoft windows_vista
Short Name
SMTP:URL-LOC
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
SMTP
Keywords
CVE-2007-1658 Local Reference URL With bid:23103
Release Date
04/02/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3