![](\"https:\/\/varutra-1a3b6.kxcdn.com\/wp-content\/uploads\/2019\/03\/vcf-file-3-1.jpg\" "\\"vcffile3")
\nIn this blog we are going to discuss about Microsoft Zero Day – VCard Vulnerability For Windows operating system.<\/p>\n
\nIn this blog we are going to discuss about Microsoft Zero Day – VCard Vulnerability For Windows operating system.<\/p>\n
A zero day vulnerability has been discovered and reported in the Microsoft’s Windows operating system. Under a certain scenario it could allow a remote attacker to execute arbitrary code on Windows machine. A remote attacker can maliciously craft a VCard file in a way that the contact’s website URL stored within the file points to a local executable file, which can be sent within a zipped file via an email or delivered separately via drive-by-download techniques.<\/p>\n
If a victim clicks ton suspicious website URL, the Windows operating system would run the malicious executable without displaying any warning, instead of opening the web address on the browser. Although the attack requires user’s interaction, leaving the vulnerability unpatched would leave an opportunity for sophisticated attackers to target Windows users at large.<\/p>\n
A vCard is an electronic business (or personal) card and also the name of an industry specification for the kind of communication exchange that is done on business or personal cards. It may have seen a vCard attached to an e-mail note someone has sent you. Because vCard is a published industry specification, software application developers can create programs that process vCards by letting you view them, or drag-and-drop them to an address book or some other application. vCards can include images and sound as well as text.<\/p>\n A promising future use of a vCard will be as a way to quickly fill in application forms on the Web. Just drag-and-drop your own vCard to the form and you won’t have so many blanks to fill in. For software developers, there is a Personal Data Interchange (PDI) Software Development Kit (SDK). The specification is located at the Internet Mail Consortium’s Web site where you can also find out about vCalendar , a similar exchange standard for personal time scheduling.<\/p>\n <\/p>\n Now, open the “celebrities contacts.vcf” file and click the website link, the VCF file will traverse back one to the “http” directory where the CPL executable file lives.<\/p>\n <\/p>\n <\/p>\n <\/p>\n Author,<\/p>\n Varutra Consulting Pvt. Ltd<\/em><\/p>","protected":false},"excerpt":{"rendered":" In this blog we are going to discuss about Microsoft Zero Day – VCard Vulnerability For Windows operating system. Introduction Microsoft Zero Day – VCard…<\/p>\n","protected":false},"author":3,"featured_media":2962,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[277,273,57,283],"tags":[103,160,161,162,163,164,165,166,167,130],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t![\"Microsoft](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2019\/01\/severity-score-1.png\")
<\/a><\/p>\n<\/a><\/p>\nFigure: Exporting contacts in vCard format<\/em><\/strong><\/h6>\n
Attack Scenario?<\/strong><\/h3>\n
<\/a><\/p>\n\n
URL;TYPE=home;PREF=1: http.\\\\www.varutra.com\r\nThe Windows .VCF File content: \u201ccelebrities contacts.vcf\u201d\r\nBEGIN:VCARD\r\nVERSION:4.0\r\nN:Tricky;DealC0der;;;\r\nFN:TrickyDealC0der\r\nEMAIL;TYPE=home;PREF=username@null<\/span>varutra.com\r\nTEL;TYPE=\u201dcell,home\u201d;PREF=1:tel:+919874563214\r\nADR;TYPE=home;PREF=1:;;1 Marigold;Pune;India\r\nURL;TYPE=home;PREF=1:http.\\\\www.varutra.com\r\nEND:VCARD<\/pre>\nRecommendation<\/strong><\/h3>\n
\n
References<\/strong><\/h3>\n
\n
Jinto T.K.<\/strong><\/div>\nSOC Team<\/div>\n