Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability(CVE-2010-2568)

Well it is always advisable to use an up-to-date  OS and patch the OS with the available update files,if you donot do that then some person aware of the vulnerability in your system can plant an attack.Few days back i came across a  security flaws in Microsoft's design,technically speaking it is called as "Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability(CVE-2010-2568)".
Microsoft Windows Shortcut 'LNK/PIF' Files

How does it Works?

Actually it a flaw in the Windows OS design,this is mainly caused by Windows control panel shortcut image display routine.The flaw is that windows incorrectly parses the shortcut in such a way that the trojan/malware code can be installed when the icon of the shortcut is displayed.The vulnerable file is shell32.dll and the vulnerable routine is contol panel related where the windows does correcctly manage the parameters of the shortcut file as shown in the image below.
 Image source:

How the system can be exploited ?

The vulnerable system having this flaw (except Mac & Linux) can be exploited by using USB or through networks or CD/DVD.Since the Ms windows OS is unable to properly handle "lnk/pif" and automatically runs a file therefore an attacker can run any arbitrary code from USB,CD or through networks.
Since the milw0rm is down nowadays....i found the exploit in ,here you can download the exploit file and use it for educational purpose.

Watch the Demo.....

Note:This expliot is possible on Win Xp/7/Vista etc.


1.You can download Sophos's windows shortcut protection tool  to detect and block exploit from running.

2.Read Microsoft Security Advisory(2286198) ,scan for available updates and patch them.

3.If you are really panic about this exploit then hop up to Mac or

4.If you are using a third party firewall and it has custom file blocking fuctions then you can use it to block "lnk/pif" shortcuts.

If you find this article worth reading then do drop a comment it will be appreciated.

Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability(CVE-2010-2568) Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability(CVE-2010-2568) Reviewed by Satyajit (Admins,a.k.a Satosys) on Thursday, July 29, 2010 Rating: 5

1 comment:

Unknown said...

Cool shortcuts, very useful. Thanks a bunch!!! I found a few more shortcuts here: its worth taking a look at combined with this article. Thanks, keep up the good posts!

Big Thanks :D :D

Powered by Blogger.