English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Microsoft Windows Modern Mail URL Spoofing Weakness


Secunia ID

SA52779

CVE-ID

CVE-2013-1299

Release Date

27 Mar 2013

Criticality

Not Critical

Solution Status

Vendor Patch

Software

Mircosoft Mail, Calendar, People and Messaging

Where

From remote

Impact
Spoofing

This covers various vulnerabilities where it is possible for malicious users or people to impersonate other users or systems.

Description

A weakness has been reported in Microsoft Windows Modern Mail, which can be exploited by malicious people to conduct spoofing attacks.

The weakness is caused due to the application not displaying HTML emails properly, which can be exploited to display the link to an arbitrary website as a URL to another site.

Solution

Apply update available via the Microsoft Windows Store.
http://apps.microsoft.com/windows/app/mail-calendar-people-and/64a79953-cf0b-44f9-b5c4-ee5df3a15c63

Reported by

The vendor credits Alex Wolff, BrownWolff.

Original Advisory

http://technet.microsoft.com/en-us/security/advisory/2819682
http://support.microsoft.com/kb/2832006