vCards are commonly known as a means of sharing contact details between people, but they have also given attackers an alternate way to infect a system with malware. The malicious code in this particular instance counts on a zero-day vulnerability in Windows OS. “This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VCard files,” was said in an advisory. If the attacker accesses the vCard contact it can input a malicious URL in the website field which can then be sent to a target through phishing campaigns or drive-by-downloads. This PoC exploit have received a CVSS score of 7.8 and Microsoft is yet to release a patch.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is