Microsoft Windows automatically executes code specified in shortcut (LNK) files

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Forum Veteran
Feb 4, 2016
2,516
15,624
3,578
53
Germany / Poland
Description
Microsoft Windows supports the use of shortcut or LNK files. A LNK file is a reference to a local file. Clicking on a LNK or file has essentially the same outcome as clicking on the file that is specified as the shortcut target. For example, clicking a shortcut to calc.exe will launch calc.exe, and clicking a shortcut to readme.txt will open readme.txt with the associated application for handling text files.
Click to expand...

Impact
By convincing a user to display a specially-crafted shortcut file, an attacker may be able to execute arbitrary code with the privileges of the user. Depending on the operating system and AutoRun/AutoPlay configuration, this can happen automatically by connecting a USB device.

Solution
Apply an update

This issue is addressed in the Microsoft Update for CVE-2017-8464.

......
..
.....
........
Click to expand...
 
  • Like
Reactions: Solarquest, brambedkar59, shmu26 and 4 others
You must log in or register to reply here.

You may also like...