HTTP: Malformed Microsoft LNK File Download

This signature detects users downloading malformed Microsoft Windows Shortcut (LNK) files through HTTP. A successful exploit can result in a denial-of-service condition or remote code execution.

Extended Description

Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to properly handle 'LNK' files or 'PIF' files. An attacker may exploit this issue to execute arbitrary code. The attacker must entice a victim to view a specially crafted shortcut. NOTE: This issue is being exploited in the wild with W32.Stuxnet (previously known as W32.Temphid). This issue affects Microsoft Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008.

Affected Products

Avaya messaging_application_server, Microsoft windows_server_2008_for_itanium-based_systems

Short Name: HTTP:EXPLOIT:MAL-LNK
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2005-2122 CVE-2010-2568 CVE-2015-0096 Download File LNK Malformed Microsoft bid:15069 bid:41732
Release Date: 07/21/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3339
False Positive: Unknown
Vendors

Microsoft

Avaya

CVSS Score

9.3

10.0
