Insufficient UI Warning Remote Code Execution.
Zero Day Initiative Program Submission ZDI-CAN-6920.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows.
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of VCard files. Crafted data in a VCard file can cause Windows to display a dangerous hyperlink.
The user interface fails to provide any indication of the hazard.
An attacker can leverage this vulnerability to execute code in the context of the current user.