Search
Search titles only
By:
Search titles only
By:
Log in
Register
Search
Search titles only
By:
Search titles only
By:
Menu
Install the app
Install
Forums
New posts
All threads
Latest threads
New posts
Trending threads
Trending
Search forums
What's new
New posts
New ads
New profile posts
Latest activity
Free Ads
Latest reviews
Search ads
Members
Current visitors
New profile posts
Search profile posts
Contact us
Latest ads
NURSING , CAREGIVER , HOTEL & BEAUTY COURSES
IVA Para Medical Campus
Updated:
Yesterday at 9:24 AM
Handmade Character Soft Toys Peppa Pig Family
anil1961
Updated:
Wednesday at 9:58 PM
Ad icon
Video Content Creator
pramukag
Updated:
Sunday at 6:10 AM
Ad icon
QA Engineer Intern
pramukag
Updated:
Sunday at 6:07 AM
Ad icon
Sell your Land, House on idamata.lk for FREE
sajith.xp.pk
Updated:
Jun 25, 2026
Electronics
Vehicles
Property
Search
Reply to thread
Forums
Computers & Internet
News & Discussion
First vulnerability in Vista's Windows Mail discovered
Get the App
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="Anusha" data-source="post: 395375" data-attributes="member: 828"><p>Hannover (Germany) - The successor to Outlook Express links seamlessly with its predecessor's dubious reputation in matters of security. Just a few months after its official release, the first significant security problem has been uncovered: under certain circumstances, simply clicking on a link in an email can cause a program to be launched on the local computer.</p><p></p><p>A hacker going by the pseudonym Kingcope has reported on a security mailing list that this can be achieved by simply embedding a link to a local program in an email. If a directory with the same name as the executable program exists, the program will be executed by Windows Mail when the user clicks on the link without requiring any confirmation. A brief test at heise Security confirmed this. After creating a folder called calc in C:\Windows\System32\, clicking on a link to c:/windows/system32/calc? launched the calculator without any further user interaction.</p><p></p><p><a href="http://imageshack.us" target="_blank"><img src="http://img292.imageshack.us/img292/4237/01a5facha3.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a></p><p><em>Under certain circumstances a click on a link can execute a program in Windows Mail</em></p><p></p><p>Up until to now, there has ben no real attack scenario to exploit this, and so the concrete danger is fairly low. Kingcope has listed two Windows programs, winrm and migwiz, for which the required directory already exists. But he admits that it was not possible to pass parameters to the programs, which significantly reduces the potential for targeted activities. But the simple fact that under certain circumstances clicking on a straightforward URL in an email can be sufficient to launch a local program without requiring confirmation from the user leaves an uncomfortable feeling. Many dangerous vulnerabilities in Outlook Express and Internet Explorer initially appeared to be similarly innocuous. And Microsoft will now be judged against the grandiose promises it made with regard to the security of Vista. </p><p></p><p>Source: <a href="http://www.heise-security.co.uk/" target="_blank">http://www.heise-security.co.uk/</a></p></blockquote><p></p>
[QUOTE="Anusha, post: 395375, member: 828"] Hannover (Germany) - The successor to Outlook Express links seamlessly with its predecessor's dubious reputation in matters of security. Just a few months after its official release, the first significant security problem has been uncovered: under certain circumstances, simply clicking on a link in an email can cause a program to be launched on the local computer. A hacker going by the pseudonym Kingcope has reported on a security mailing list that this can be achieved by simply embedding a link to a local program in an email. If a directory with the same name as the executable program exists, the program will be executed by Windows Mail when the user clicks on the link without requiring any confirmation. A brief test at heise Security confirmed this. After creating a folder called calc in C:\Windows\System32\, clicking on a link to c:/windows/system32/calc? launched the calculator without any further user interaction. [URL=http://imageshack.us][IMG]http://img292.imageshack.us/img292/4237/01a5facha3.jpg[/IMG][/URL] [I]Under certain circumstances a click on a link can execute a program in Windows Mail[/I] Up until to now, there has ben no real attack scenario to exploit this, and so the concrete danger is fairly low. Kingcope has listed two Windows programs, winrm and migwiz, for which the required directory already exists. But he admits that it was not possible to pass parameters to the programs, which significantly reduces the potential for targeted activities. But the simple fact that under certain circumstances clicking on a straightforward URL in an email can be sufficient to launch a local program without requiring confirmation from the user leaves an uncomfortable feeling. Many dangerous vulnerabilities in Outlook Express and Internet Explorer initially appeared to be similarly innocuous. And Microsoft will now be judged against the grandiose promises it made with regard to the security of Vista. Source: [url]http://www.heise-security.co.uk/[/url] [/QUOTE]
Insert quotes…
Verification
Nawa warak dahaya keeyada? (Namaya wadi kireema dahaya)
Post reply
Top
Bottom