search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Windows Shell fails to handle shortcut files properly

Vulnerability Note VU#922708

Original Release Date: 2005-10-11 | Last Revised: 2005-10-11

Overview

Microsoft Windows Shell does not properly handle some shortcut files and may permit arbitrary code execution when a specially-crafted file is opened.

Description

Microsoft Windows supports files that point to another file, called "shortcut" files. These files have the .lnk extension, and may have properties that are passed to the target program or file.

Windows does not properly handle some properties on shortcut files and may be vulnerable to a specially-crafted shortcut file format. An attacker that has crafted such a shortcut file and that has convinced a user to open the file may be able to execute arbitrary code on the system. This file may be opened from an email message or a web link.

The arbitrary code is executed with the user's privileges, so if an administrative user has opened the file, the attacker may be able to take complete control of the system.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code and take complete control of the system.

Solution

Apply an update
Please see Microsoft Security Bulletin MS05-049 for more information on fixes, workarounds, and updates.

Vendor Information

922708
 
Affected   Unknown   Unaffected

Microsoft Corporation

Updated:  October 11, 2005

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Microsoft Security Bulletin MS05-049 for more information.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Microsoft reported this vulnerability, and in turn thank Cesar Cerrudo of Argeniss for information on the issue.

This document was written by Ken MacInnis.

Other Information

CVE IDs: CVE-2005-2122
Severity Metric: 5.29
Date Public: 2005-10-11
Date First Published: 2005-10-11
Date Last Updated: 2005-10-11 20:51 UTC
Document Revision: 7

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.