Some email clients are vulnerable to attacks via 'mailto' links


Level 69
Content Creator
Malware Hunter
Aug 17, 2014
GNOME Evolution, KDE KMail, IBM/HCL Notes, and older versions of Thunderbird found to be vulnerable.

A lesser-known technology known as "mailto" links can be abused to launch attacks on the users of email desktop clients.

The new attacks can be used to secretly steal local files and have them emailed as attachments to attackers, according to a research paper published last week by academics from two German universities.

The "vulnerability" at the heart of these attacks is how email clients implemented RFC6068 — the technical standard that describes the 'mailto' URI scheme.

Mailto refer to special types of links, usually supported by web browsers or email clients. These are links that, when clicked, they open a new email compose/reply window rather than a new web page (website). [...]
Research paper named "Mailto: Me Your Secrets" [PDF] by academics from Ruhr University Bochum and the Münster University of Applied Sciences.