Overview
Microsoft Windows Shell does not properly handle some shortcut files and may permit arbitrary code execution when a specially-crafted file is opened.
Description
Microsoft Windows supports files that point to another file, called "shortcut" files. These files have the .lnk extension, and may have properties that are passed to the target program or file. Windows does not properly handle some properties on shortcut files and may be vulnerable to a specially-crafted shortcut file format. An attacker that has crafted such a shortcut file and that has convinced a user to open the file may be able to execute arbitrary code on the system. This file may be opened from an email message or a web link. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code and take complete control of the system. |
Solution
Apply an update |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Microsoft reported this vulnerability, and in turn thank Cesar Cerrudo of Argeniss for information on the issue.
This document was written by Ken MacInnis.
Other Information
| CVE IDs: | CVE-2005-2122 |
| Severity Metric: | 5.29 |
| Date Public: | 2005-10-11 |
| Date First Published: | 2005-10-11 |
| Date Last Updated: | 2005-10-11 20:51 UTC |
| Document Revision: | 11 |