Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability

Microsoft Windows is prone to a remote code execution vulnerability when handling a malicious shortcut (.lnk) file.

An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to open it and view the file's properties.

This issue also poses a local threat as a local unprivileged attacker could exploit this issue without user interaction to gain elevated privileges.

This vulnerability can facilitate arbitrary code execution with SYSTEM privileges.

This BID is related to the issue described in BID 15070 (Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability).


 

Privacy Statement
Copyright 2010, SecurityFocus