Microsoft Windows Shell LNK Code Execution

vendor:

Windows Shell LNK

by:

hdm, jduck, B_H

N/A

CVSS

N/A

Code Execution

CWE

Product Name: Windows Shell LNK

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: CVE-2010-2568

CPE: N/A

Metasploit: https://www.rapid7.com/db/modules/post/windows/gather/forensics/fanny_bmp_check/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2010

Microsoft Windows Shell LNK Code Execution

This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.

Mitigation:

Microsoft has released a patch for this vulnerability.

Source

Microsoft Windows Shell LNK Code Execution

Mitigation:

Exploit-DB raw data: