Windows Shortcut(.lnk) Vulnerability

A component of Microsoft Windows, Windows shell is vulnerable to remote code execution via a shortcut file. A shortcut is a link to a file or program, represented by an icon. If you double-click a shortcut, the file or program opens. The shortcut is a mechanism often used to keep frequently used files in a single, easily accessed location, such as a folder or the desktop. Shortcuts are implemented as files with the LNK extension. This .lnk exploit will works in Windows XP, Vista and Windows 7.

An attacker could exploit this vulnerability by introducing removable drives or via setting up remote network share for the targeted users. When users opens the removable drive or browse the share, windows shell will attempt to load the icon of the shortcut file and the malicious binary may be invoked.

A remote attacker, who successfully exploit this vulnerability may execute arbitrary code on system with the privileges of currently logged-in user. this could be dangerous if you are running your system with administrative privileges.

Some of the antivirus vendors has pushed the detection of malicious shorkcut links in their products.

It is suggested to perform certain actions to avoid this vulnerability till the time microsoft will come up with a solution. Workarounds are as follows:

• Disable AutoRun functionality for all drives
  Microsoft
  http://support.microsoft.com/kb/967715
• Disable the displaying of icons for shortcuts
• Disable the WebClient service
• Microsoft
  http://www.microsoft.com/technet/security/advisory/2286198.mspx

To read more, follow:

CERT-In
http://www.cert-in.org.in/vulnerability/civn-2010-169.htm

Microsoft
http://www.microsoft.com/technet/security/advisory/2286198.mspx

Trendmicro
http://blog.trendmicro.com/usb-worm-exploits-windows-shortcut-vulnerability/

ISC
http://isc.incidents.org/diary.html?storyid=9181

nj0y !!!

#@v3 $@f3 br0w$!n9 !!!