CVE-2007-1658
CVE-2007-1658
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/29771unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.htmlhttp://isc.sans.org/diary.html?storyid=2507http://news.com.com/2100-1002_3-6170133.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034http://secunia.com/advisories/25639https://exchange.xforce.ibmcloud.com/vulnerabilities/33167https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194http://www.securityfocus.com/archive/1/471947/100/0/threadedhttp://www.securityfocus.com/bid/23103