Windows Shell LNK file CONTROL item command executionAdded: 07/22/2010
BackgroundMicrosoft Windows supports LNK files, also known as shortcuts, which are references to other files. Shortcuts can be placed in a location which is convenient for users (such as the Desktop or Start menu), from which they can be used to execute the referenced file.
ProblemA design weakness in the Windows shell allows command execution when a user opens a shortcut file containing a CONTROL item which specifies a malicious executable DLL. The shortcut file could be given to the user on removable media such as a USB flash drive.
ResolutionSee Microsoft Security Advisory 2286198 for patch information or workarounds.
LimitationsThe specified SMB share must be accessible by the target user. Before the exploit can succeed, download the exploit.dll file and place it on the specified share.
The user must double-click on the shortcut file in order for this exploit to succeed.
Back to exploit index