Windows Shell LNK file CONTROL item command execution

Added: 07/22/2010
CVE: CVE-2010-2568
BID: 41732
OSVDB: 66387


Microsoft Windows supports LNK files, also known as shortcuts, which are references to other files. Shortcuts can be placed in a location which is convenient for users (such as the Desktop or Start menu), from which they can be used to execute the referenced file.


A design weakness in the Windows shell allows command execution when a user opens a shortcut file containing a CONTROL item which specifies a malicious executable DLL. The shortcut file could be given to the user on removable media such as a USB flash drive.


See Microsoft Security Advisory 2286198 for patch information or workarounds.



The specified SMB share must be accessible by the target user. Before the exploit can succeed, download the exploit.dll file and place it on the specified share.

The user must double-click on the shortcut file in order for this exploit to succeed.



Back to exploit index