Write-up for another forgotten Windows vulnerability (0day): Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape, which was not fully fixed as CVE-2022-44666 in the patches released on December, 2022.
Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day) This is the story about another forgotten 0day fully disclosed more than 4 years ago by John Page (aka hyp3rlinx) To understand the report, you have to consider i'm stupid :-) And my stupidicity drives me to take longer paths to solve simple issues, b