Vigil@nce: Windows, code execution via LNK
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to display a directory
containing a malicious link, in order to execute code on his
computer.
– Severity: 2/4
– Creation date: 16/07/2010
DESCRIPTION OF THE VULNERABILITY
A user can create a Windows link, which is a file with the ".LNK"
extension pointing to another file.
However, an attacker can create a special LNK file pointing to
code located inside the LNK file (a DLL library with a main code
which is run). This code is executed when the directory containing
the link is displayed. The victim does not have to click on the
link.
In order to exploit this vulnerability, the attacker can place the
malicious link on a USB drive, a cdrom, a remote share or a local
directory.
An attacker can therefore invite the victim to display a directory
containing a malicious link, in order to execute code on his
computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-code-execution-via-LNK-9770