How to analyze the loopholes in the URL field of Microsoft Windows .Group file 04/02 Update SLTechnology News&Howtos

How to analyze the loopholes in the URL field of Microsoft Windows .Group file

2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)05/31 Report--

This article will explain in detail how to analyze the loopholes in the URL field of the Microsoft Windows .Group file. The content of the article is of high quality, so the editor shares it for you as a reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

Security researcher John Page publicly disclosed a Microsoft Windows vulnerability involving the Windows .Group file type on his personal blog. The Group file is a series of contact information created by Windows Contacts, and Windows Contacts is an embedded contact manager in Windows. The contact list saved to the Group file can be used to create a mailing list and send email messages to multiple email addresses at the same time.

When you click the "Contact Group Details" label Website Go button, if the site URL field points to an executable file, the .Group file will have unexpected code execution.

Page reported a high-risk vulnerability involving CONTACT files to Microsoft via ZDI in December 2018, with a CVSS score of 7.8. The vulnerability is due to a problem with the processing of CONTACT files, which can be exploited by remote attackers to execute arbitrary code in the context of the current user. However, to exploit this vulnerability, an attacker needs to induce a user to visit a malicious page or open a malicious file.

According to ZDI disclosures, Microsoft did not fix the vulnerability immediately at the time, but said it would fix it in the future.

Page believes that the severity of the .group file vulnerability is still at high risk and reports the vulnerability information to Microsoft. However, Microsoft believes that the type of vulnerability is the same as that of previous vulnerabilities involving CONTACT files, while previous CONTACT file vulnerabilities are still unfixed.

This is the end of the vulnerability analysis on how to carry out the URL field of the Microsoft Windows .Group file. I hope the above content can be of some help and learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.