{"id":111,"date":"2007-03-26T12:12:50","date_gmt":"2007-03-26T15:12:50","guid":{"rendered":"http:\/\/talsoft.com.ar\/weblog\/?p=111"},"modified":"2007-03-26T12:20:06","modified_gmt":"2007-03-26T15:20:06","slug":"ejecucion-de-codigo-local-en-windows-mail-vista","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/","title":{"rendered":"Ejecuci\u00c3\u00b3n de c\u00c3\u00b3digo local en Windows Mail (Vista)"},"content":{"rendered":"

Por Angela Ruiz
\nangela@videosoft.net.uy<\/a><\/em><\/font><\/p>\n

Windows Mail, el substituto de Outlook Express en Windows Vista, es propenso a una vulnerabilidad de ejecuci\u00c3\u00b3n de archivos del lado del cliente, debido a un error de dise\u00c3\u00b1o. Ello ocurre si se hace clic en un enlace recibido en un correo malicioso.<\/font><\/p>\n

Un atacante podr\u00c3\u00ada explotar este problema, para ejecutar archivos en el equipo de la v\u00c3\u00adctima. Sin embargo, es importante destacar que la vulnerabilidad est\u00c3\u00a1 catalogada como de bajo riesgo, ya que solo puede ser utilizada con programas o scripts que residan en el equipo de la v\u00c3\u00adctima, y que siempre est\u00c3\u00a9n en la misma carpeta y lugar, y con el mismo nombre.<\/font><\/p>\n

De todos modos, podr\u00c3\u00ada utilizarse esta caracter\u00c3\u00adstica para implementar un ataque m\u00c3\u00a1s complejo, combinado con otros vectores que permitan la descarga previa de otros c\u00c3\u00b3digos. Hasta el momento, no se han reportado escenarios que ameriten una alerta por la utilizaci\u00c3\u00b3n de esta vulnerabilidad.<\/font><\/p>\n

El atacante debe enga\u00c3\u00b1ar al usuario para que haga clic en dicho enlace, adem\u00c3\u00a1s de haber construido un mensaje espec\u00c3\u00adficamente modificado.<\/font><\/p>\n

Son afectadas todas las versiones de Microsoft Windows Vista (Windows Vista Ultimate, Windows Vista Home Premium, Windows Vista Home Basic, Windows Vista Enterprise y Windows Vista Business).<\/font><\/p>\n

Windows Mail est\u00c3\u00a1 incluido en Windows Vista y dispone de caracter\u00c3\u00adsticas optimizadas de b\u00c3\u00basqueda y seguridad. Incluye capacidades de b\u00c3\u00basqueda dirigida que permiten buscar en todos los mensajes de correo electr\u00c3\u00b3nico. Tambi\u00c3\u00a9n ayuda a protegernos de los ataques de correo no deseado y suplantaci\u00c3\u00b3n de identidad (phishing) que pueden provocar robos de identidad.<\/font><\/p>\n

M\u00c3\u00a1s informaci\u00c3\u00b3n:<\/strong><\/font><\/p>\n

Windows Vista Windows Mail Client Side File Execution Vulnerability
\nhttp:\/\/www.securityfocus.com\/bid\/23103<\/a><\/font><\/p>\n

Caracter\u00c3\u00adsticas de Windows Mail
\nhttp:\/\/www.microsoft.com\/latam\/windowsvista\/features\/forhome\/mail.mspx<\/a><\/font><\/p>\n

Fuente: VSAntivirus<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Por Angela Ruiz angela@videosoft.net.uy Windows Mail, el substituto de Outlook Express en Windows Vista, es propenso a una vulnerabilidad de ejecuci\u00c3\u00b3n de archivos del lado del cliente, debido a un error de dise\u00c3\u00b1o. Ello ocurre si se hace clic en un enlace recibido en un correo malicioso. Un atacante podr\u00c3\u00ada explotar este problema, para ejecutar […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[3],"tags":[],"class_list":["post-111","post","type-post","status-publish","format-standard","hentry","category-articulos"],"yoast_head":"\nTalSoft - Seguridad Inform\u00e1tica Empresarial - Ejecuci\u00c3\u00b3n de c\u00c3\u00b3digo local en Windows Mail (Vista)<\/title>\n<meta name=\"description\" content=\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/\"},\"author\":{\"name\":\"Leandro Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"Ejecuci\u00c3\u00b3n de c\u00c3\u00b3digo local en Windows Mail (Vista)\",\"datePublished\":\"2007-03-26T15:12:50+00:00\",\"dateModified\":\"2007-03-26T15:20:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/\"},\"wordCount\":321,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"articleSection\":[\"Art\u00c3\u00adculos\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/\",\"name\":\"TalSoft - Seguridad Inform\u00e1tica Empresarial - Ejecuci\u00c3\u00b3n de c\u00c3\u00b3digo local en Windows Mail (Vista)\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"datePublished\":\"2007-03-26T15:12:50+00:00\",\"dateModified\":\"2007-03-26T15:20:06+00:00\",\"description\":\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Ejecuci\u00c3\u00b3n de c\u00c3\u00b3digo local en Windows Mail (Vista)","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/#article","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/"},"author":{"name":"Leandro Ferrari","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8"},"headline":"Ejecuci\u00c3\u00b3n de c\u00c3\u00b3digo local en Windows Mail (Vista)","datePublished":"2007-03-26T15:12:50+00:00","dateModified":"2007-03-26T15:20:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/"},"wordCount":321,"commentCount":0,"publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"articleSection":["Art\u00c3\u00adculos"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/","url":"https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/","name":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Ejecuci\u00c3\u00b3n de c\u00c3\u00b3digo local en Windows Mail (Vista)","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/#website"},"datePublished":"2007-03-26T15:12:50+00:00","dateModified":"2007-03-26T15:20:06+00:00","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.talsoft-security.com\/site\/ejecucion-de-codigo-local-en-windows-mail-vista\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.talsoft-security.com\/site\/#website","url":"https:\/\/www.talsoft-security.com\/site\/","name":"TalSoft TS - Services IT Security","description":"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.","publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.talsoft-security.com\/site\/#organization","name":"Talsoft TS","url":"https:\/\/www.talsoft-security.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","contentUrl":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","width":270,"height":125,"caption":"Talsoft TS"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/talsoftsrl","https:\/\/x.com\/talsoft"]},{"@type":"Person","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8","name":"Leandro Ferrari","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","caption":"Leandro Ferrari"},"sameAs":["http:\/\/www.talsoft.com.ar","https:\/\/www.facebook.com\/talsoftsrl\/","https:\/\/x.com\/avatar_leandro"],"url":"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/"}]}},"_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=111"}],"version-history":[{"count":0,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/111\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}