Bug found in Windows Mail

Posted on Thursday, March 29 2007 @ 08:25:19 CEST by Thomas De Maesschalck
Earlier this week German security experts announced they've found the first bug in Windows Vista's new Windows Mail application.
The successor to Outlook Express has inherited its predecessor's dubious reputation in matters of security. Just a few months after its official release, the first significant security problem has been uncovered: under certain circumstances, simply clicking on a link in an email can cause a program to be launched on the local computer.

A hacker going by the pseudonym Kingcope has reported on a security mailing list that this can be achieved simply by embedding a link to a local program in an email. If a directory with the same name as the executable program exists, Windows Mail will execute the program when the user clicks on the link, without requiring any confirmation. A brief test at heise Security confirmed this. After creating a folder called calc in C:\Windows\System32, clicking on a link to c:/windows/system32/calc? launched the calculator without any further user interaction.
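The precondition described above (a folder sharing its name with an executable in the same directory, such as System32\calc beside calc.exe) is something an administrator can audit for. The following script is an added example, not code from the article or from heise; it builds a constructed fixture in a temporary directory rather than touching a real System32, and the `find_shadowing_dirs` and `audit_sample` names are the example's own.

```python
import tempfile
from pathlib import Path

# Extensions of programs a local link could launch; assumed list for this example.
EXEC_SUFFIXES = {".exe", ".com", ".bat", ".cmd"}


def find_shadowing_dirs(directory):
    """Return (dir_path, exe_path) pairs where a subdirectory shares its name
    with an executable in the same directory (e.g. 'calc' next to 'calc.exe').
    Names are compared case-insensitively, as Windows does."""
    directory = Path(directory)
    exes = {}
    for entry in directory.iterdir():
        if entry.is_file() and entry.suffix.lower() in EXEC_SUFFIXES:
            exes.setdefault(entry.stem.lower(), entry)
    hits = []
    for entry in directory.iterdir():
        if entry.is_dir() and entry.name.lower() in exes:
            hits.append((entry, exes[entry.name.lower()]))
    return sorted(hits)


def audit_sample():
    """Constructed fixture mirroring the heise test: calc.exe with a sibling
    'calc' folder, plus notepad.exe and a 'drivers' folder that should not
    match. Returns the flagged (folder name, executable name) pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "calc.exe").write_bytes(b"")       # stand-in for the real binary
        (root / "calc").mkdir()                     # the shadowing folder
        (root / "notepad.exe").write_bytes(b"")    # executable without a folder
        (root / "drivers").mkdir()                  # folder without an executable
        return [(d.name, exe.name) for d, exe in find_shadowing_dirs(root)]


if __name__ == "__main__":
    # On a real host, point find_shadowing_dirs at C:\Windows\System32 instead.
    for folder, exe in audit_sample():
        print(f"folder '{folder}' shadows executable '{exe}'")
```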