Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability(CVE-2010-2568)

Well it is always advisable to use an up-to-date  OS and patch the OS with the available update files,if you donot do that then some person aware of the vulnerability in your system can plant an attack.Few days back i came across a  security flaws in Microsoft's design,technically speaking it is called as "Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability(CVE-2010-2568)".

How does it Works?

Actually it a flaw in the Windows OS design,this is mainly caused by Windows control panel shortcut image display routine.The flaw is that windows incorrectly parses the shortcut in such a way that the trojan/malware code can be installed when the icon of the shortcut is displayed.The vulnerable file is shell32.dll and the vulnerable routine is contol panel related where the windows does correcctly manage the parameters of the shortcut file as shown in the image below.
 Image source:http://community.websense.com

How the system can be exploited ?

The vulnerable system having this flaw (except Mac & Linux) can be exploited by using USB or through networks or CD/DVD.Since the Ms windows OS is unable to properly handle "lnk/pif" and automatically runs a file therefore an attacker can run any arbitrary code from USB,CD or through networks.
Since the milw0rm is down nowadays....i found the exploit in http://www.securityfocus.com/bid/41732/discuss ,here you can download the exploit file and use it for educational purpose.

Watch the Demo.....





Note:This expliot is possible on Win Xp/7/Vista etc.

Countermeasures....

1.You can download Sophos's windows shortcut protection tool  to detect and block exploit from running.
(Download)

2.Read Microsoft Security Advisory(2286198) ,scan for available updates and patch them.

3.If you are really panic about this exploit then hop up to Mac or Linux.....lol.

4.If you are using a third party firewall and it has custom file blocking fuctions then you can use it to block "lnk/pif" shortcuts.

If you find this article worth reading then do drop a comment it will be appreciated.



IF YOU LIKED THE CONTENT OF THIS BLOG THEN DO "VOTE" FOR IT........Click here to Vote!
Suggest Article

Subscribe to Posts....

Enter your Email-ID and get "Security Tips and Hacking Tutorials"alert in your inbox,we promise to keep your email private and safe.

comment 1 comments:

Chris on January 27, 2011 at 6:44 AM said...

Cool shortcuts, very useful. Thanks a bunch!!! I found a few more shortcuts here: http://www.usingcomputers.co.uk/tutorials/useful-windows-shortcuts.php its worth taking a look at combined with this article. Thanks, keep up the good posts!

Big Thanks :D :D

Post a Comment

This blog is "DoFollow",Use a "Real Name" rather than using "Keywords" otherwise comment will be rejected.

Delete this element to display blogger navbar

 
© 2013 SecurityHunk All Rights Reserved and Template by Fresh Blogger Templates