Microsoft Windows Contact File HTML injection

Strike ID:
E19-0zny1
CVSS:
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
False Positive:
f
Variants:
1
Year:
2019

Description

This strike executes a vulnerability in a Microsoft Windows Contact file. Specifically a remote attacker can execute arbitrary code on Microsoft Windows by performing code injection in the email field of a Windows Contact file.