Read Time:21 Second
Posted by hyp3rlinx on Feb 27
[-] Microsoft Windows Contact file / Remote Code Execution (Resurrected
2022) / CVE-2022-44666
[+] John Page (aka hyp3rlinx)
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec
Back in 2018 I discovered three related Windows remote code execution
vulnerabilities affecting both VCF and Contact files. They were purchased
by Trend Micro Zero Day Initiative (@thezdi) from me and received candidate
identifiers ZDI-CAN-6920 and ZDI-CAN-7591. Microsoft…