Windows Shortcut Parsing Vulnerability

A vulnerability in Windows versions including XP, Vista, 7, Server 2003 and Server 2008 which can be utilized by maliscious parties to compromise a user's system using specially crafted shortcuts (.lnk and .pif files). These files are often distributed on infected USB drives and will run via AutoPlay once a user connects it to a system, or will run if a user navigates to the root folder of the drive if AutoPlay is disabled. Exploitation may also be possible via network share drives, WebDAV shares, or documents supported embedded shortcuts.

Microsoft advises users to disable the displaying of icons for shortcuts (http://www.microsoft.com/technet/security/advisory/2286198.mspx) as a work around. Microsoft has also made a tool available to work around the issue, but users should be advised that it will significantly impact the Windows interface, replacing shortcut icons with generic white page icons (http://www.computerworld.com/s/article/9179479/Microsoft_issues_tool_to_repel_Windows_shortcut_attacks).

 For more information, please see the links above and these additional articles:

Secunia Advisory - http://secunia.com/advisories/40647

Microsoft Advisory - http://www.microsoft.com/technet/security/advisory/2286198.mspx

Microsoft Fix-It - http://support.microsoft.com/kb/2286198

Posted by Anthony Paladino on July 19, 2010, in Handlers Log.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2016 Purdue University | An equal access/equal opportunity university | Integrity Statement | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.

PDF files can be viewed in Adobe Acrobat Reader.