
Beware! Suspicious vCards May Compromise Your Windows Computer

  • A zero-day vulnerability in Microsoft Windows puts users' systems at risk.
  • Cybercriminals can use vCards to deliver malicious code; once the embedded link is clicked, it can give them control over the affected system.

vCards, which are known for sharing contact details among people, have now become a medium for attackers to load malicious code. What is frightening here is that these malicious vCards rely on a Windows OS zero-day vulnerability.

John Page, a cybersecurity researcher, identified this flaw six months ago. Although the researcher informed Microsoft, the software giant has yet to release a security patch to fix the issue. Trend Micro’s Zero Day Initiative (ZDI) program has documented the whole issue.

Remote Arbitrary Code Execution Flaw

The ZDI advisory further explains the flaw, stating: “This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VCard files.”

According to the researcher, an attacker can fill the website field of a vCard contact with a URL that points to a local malicious executable file. The local file could be delivered to the target user via a phishing email or through drive-by-download techniques.
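A mail-gateway or endpoint check for exactly this pattern, as an added example that is not from the advisory or the researcher's proof of concept: it parses .vcf files (unfolding continuation lines) and flags URL properties whose target is a local or UNC path, a file: URI, or an executable. The sample vCard, contact names and file paths are constructed.

```python
import os
import re
from urllib.parse import urlparse
# Constructed sample (not from the advisory): a normal contact, then one whose URL is a line-folded file: URI to a local executable.
SAMPLE_VCF = """BEGIN:VCARD
FN:Alice Example
URL:https://example.com/alice
END:VCARD
BEGIN:VCARD
FN:Mallory Example
URL;TYPE=WORK:file:///C:/Users/Public/
 payload.exe
END:VCARD
"""

EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta", ".lnk", ".msi", ".ps1"}
LOCAL_PATH = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\)")  # bare drive-letter or UNC path

def parse_vcards(text):
    """Unfold continuation lines (RFC 6350) and return [(FN, [URL values])] per card."""
    unfolded = re.sub(r"\r?\n[ \t]", "", text)
    cards = []
    for body in re.findall(r"BEGIN:VCARD\r?\n(.*?)\r?\nEND:VCARD", unfolded, re.S | re.I):
        fn, urls = "", []
        for line in body.splitlines():
            name, _, value = line.partition(":")
            prop = name.split(";", 1)[0].upper()  # drop parameters such as ;TYPE=WORK
            if prop == "FN":
                fn = value
            elif prop == "URL":
                urls.append(value)
        cards.append((fn, urls))
    return cards

def classify_url(value):
    """Return why a URL value is suspicious (local/UNC path, file: URI, executable), else None."""
    v = value.strip()
    if LOCAL_PATH.match(v):
        target, reason = v, "local or UNC path instead of a web URL"
    else:
        target = (parsed := urlparse(v)).path
        reason = "file: URI pointing at a local file" if parsed.scheme.lower() == "file" else None
    ext = os.path.splitext(target.replace("\\", "/"))[1].lower()
    if ext in EXEC_EXT:
        reason = (reason + "; " if reason else "") + f"target has executable extension {ext}"
    return reason

def scan_vcf(text):
    """List (contact name, URL value, reason) for every suspicious URL property in the file."""
    return [(fn, u, r) for fn, urls in parse_vcards(text) for u in urls if (r := classify_url(u))]
```

Run `scan_vcf` over each inbound .vcf attachment and quarantine or rewrite any card it reports; the benign contact above produces no finding.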

The researcher also published a video demonstrating that Windows runs the malicious executable without any warning when the user clicks the website URL in a vCard contact file.

The vulnerability, for which the researcher developed a proof-of-concept exploit, has been given a CVSS 3.0 score of 7.8.

“Crafted data in a VCard file can cause Windows to display a dangerous hyperlink. The user interface fails to provide any indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user,” ZDI reported.

Therefore, leaving the vulnerability unpatched can lead to attackers compromising networks of Windows computers.

Cyware Publisher
