A zero-day vulnerability has been discovered in Microsoft’s Windows operating system. The vulnerability resides within the processing of a vCard file, a standard file format for storing contact information for a person or business. A remote attacker can maliciously craft a VCard file in a way that the contact’s website URL points to a local executable file, which can be sent within a zipped file via an email or delivered separately via drive-by-download techniques. Microsoft has refused to patch the vulnerability, at least for now.
Source: https://thehackernews.com/2019/01/vcard-windows-hacking.html