Intrusion Prevention

MS.Windows.Vista.Mail.Local.File.Execution

Description

Windows Mail in Microsoft Windows Vista has a local file execution vulnerability. A remote attacker could execute a local program through a link to a local file or a UNC share pathname in which there is a directory with the same base name as an executable program at the same level. The exploit can be triggered by a sending crafted email, which the attacker would have to persuade the victim to open.

Affected Products

Microsoft Windows Vista Ultimate
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Business

Impact

System compromise.

Recommended Actions

Apply patch, available from the Web site.
http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx

CVE References

CVE-2007-1658