Possible threat over Windows vista

clipped from news.softpedia.com Windows Vista is wide open to remote code execution via a flaw in Windows Mail. Designed as a successor to Outlook Express, the free email client is an integer part of Windows Vista, shipping by default with the operating system. On March 23 2007, a client-side vulnerability allowing for remote code execution in Windows Mail was published on Full Disclosure. The report claims that the vulnerability was successfully tested on a copy of Windows Vista Ultimate. Microsoft did not confirm the validity of the vulnerability, but it did acknowledge the fact that it is investigating the issue. “Remote Code Execution is possible if a user clicks on a malicious prepared link. Vistas Mail Client will execute any executable file if a folder exists with the same name. There is for example a CMD script by default in C:WindowsSystem32 named winrm.cmd (and also a folder named winrm inside System32),” Full Disclosure informed. Through a client side vulnerability in Windows Mail Oiaga, Technology News Editor