The vulnerability relates to the use of Windows .URL files to execute a remote binary via a UNC path. When the targeted user opens or previews the .URL file (for example, from an email), the system attempts to access the specified path (for example, a WebDAV or SMB share), resulting in the execution of arbitrary code. Depending on the email client used, the vulnerability could be exploited as zero-click by simply displaying the attachment in the preview window or by clicking on it, or it could be blocked based on the target system's policies.
CVE Link
Exploit Platform
Exploit Type
Product Name