HTTP: .LNK File Download

This signature detects an HTTP request to download a file with the .lnk extension. Such a file could be maliciously crafted to execute arbitrary code or to trick the user into unintentionally executing another program.

Extended Description

Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to properly handle 'LNK' files or 'PIF' files. An attacker may exploit this issue to execute arbitrary code. The attacker must entice a victim to view a specially crafted shortcut. NOTE: This issue is being exploited in the wild with W32.Stuxnet (previously known as W32.Temphid). This issue affects Microsoft Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008.

Affected Products

Avaya messaging_application_server, Microsoft windows_server_2008_for_itanium-based_systems

Short Name
HTTP:EXT:DOT-LNK
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
.LNK CVE-2005-2118 CVE-2010-2568 Download File bid:15070 bid:41732
Release Date
10/11/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Microsoft

Avaya

CVSS Score

9.3

5.1
