|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Windows: code execution via LNK
Synthesis of the vulnerability
An attacker can invite the victim to display a directory containing a malicious link, in order to execute code on his computer.
Vulnerable systems: Windows 2000, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP.
Severity of this threat: 3/4.
Consequences of a hack: user access/rights.
Pirate's origin: document.
Creation date: 16/07/2010.
Références of this weakness: 2286198, BID-41732, CERTA-2010-AVI-353, CVE-2010-2568, MS10-046, VIGILANCE-VUL-9770, VU#940193.
Description of the vulnerability
A user can create a Windows link, which is a file with the ".LNK" extension pointing to another file.
However, an attacker can create a special LNK file pointing to code located inside the LNK file (a DLL library with a main code which is run). This code is executed when the directory containing the link is displayed. The victim does not have to click on the link.
In order to exploit this vulnerability, the attacker can place the malicious link on a USB drive, a cdrom, a remote share, a local directory or a WebDAV access. The link can also be located inside a malicious document (such as an Office document). MS-DOS programs also use links with the ".PIF" extension.
An attacker can therefore invite the victim to display a directory containing a malicious link, in order to execute code on his computer.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a computers vulnerabilities alert. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.