Windows Mail in Microsoft Windows Vista has a local file execution vulnerability. A remote attacker could execute a local program through a link to a local file or a UNC share pathname in which there is a directory with the same base name as an executable program at the same level. The exploit can be triggered by a sending crafted email, which the attacker would have to persuade the victim to open.
Microsoft Windows Vista Ultimate
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Business
Apply patch, available from the Web site.