
Windows Shortcut Parsing Vulnerability

A vulnerability in Windows versions including XP, Vista, 7, Server 2003 and Server 2008 can be used by malicious parties to compromise a user's system using specially crafted shortcuts (.lnk and .pif files). These files are often distributed on infected USB drives and will run via AutoPlay once a user connects the drive to a system, or, if AutoPlay is disabled, will run if the user navigates to the root folder of the drive. Exploitation may also be possible via network share drives, WebDAV shares, or documents that support embedded shortcuts.

Microsoft advises users to disable the display of icons for shortcuts (http://www.microsoft.com/technet/security/advisory/2286198.mspx) as a workaround. Microsoft has also made a tool available to work around the issue, but users should be advised that it will significantly impact the Windows interface, replacing shortcut icons with generic white page icons (http://www.computerworld.com/s/article/9179479/Microsoft_issues_tool_to_repel_Windows_shortcut_attacks).

For more information, please see the links above and these additional articles:

Secunia Advisory - http://secunia.com/advisories/40647

Microsoft Advisory - http://www.microsoft.com/technet/security/advisory/2286198.mspx

Microsoft Fix-It - http://support.microsoft.com/kb/2286198

Posted by Anthony Paladino on July 19, 2010, in Handlers Log.