VULHUB ™

Dialer.exe has an unchecked buffer in the part of the program that reads dialer entries from %systemroot%\dialer.ini. A specially-formed entry could cause arbitrary code to be run on the machine. By default, the %systemroot% folder is world-writeable. Dialer.ini is Dialer runs in the security context of the user, so an attacker would have to have a higher authority user dial the entry to gain any escalated priveleges.

Dialer.exe has an unchecked buffer in the part of the program that reads dialer entries from %systemroot%\dialer.ini. A specially-formed entry could cause arbitrary code to be run on the machine. By default, the %systemroot% folder is world-writeable. Dialer.ini is Dialer runs in the security context of the user, so an attacker would have to have a higher authority user dial the entry to gain any escalated priveleges.