vCards are commonly known as a means of sharing contact details between people, but they have also given attackers an alternate way to infect a system with malware. The malicious code in this particular instance counts on a zero-day vulnerability in Windows OS. “This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VCard files,” was said in an advisory. If the attacker accesses the vCard contact it can input a malicious URL in the website field which can then be sent to a target through phishing campaigns or drive-by-downloads. This PoC exploit have received a CVSS score of 7.8 and Microsoft is yet to release a patch.
Analyst Notes
Until Microsoft releases a patch, users are suggested to be aware that they are susceptible to phishing attacks. Use caution when opening emails and clicking on links.
