SMTP: .LNK
This signature detects e-mail attachments that have the extension .lnk and were sent through SMTP. Because .LNKs (Windows link) files can point to any program, this can indicate an incoming e-mail virus. Attackers can create a link pointing to a dangerous program, tricking users into executing the link and affecting the system.
Extended Description
Microsoft Windows is prone to a remote code execution vulnerability when handling a malicious shortcut (.lnk) file. An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to open it and view the file's properties. This issue also poses a local threat as a local unprivileged attacker could exploit this issue without user interaction to gain elevated privileges. This vulnerability can facilitate arbitrary code execution with SYSTEM privileges. This BID is related to the issue described in BID 15069 (Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability).
Affected Products
Avaya s8100_media_servers,Microsoft windows_xp_media_center_edition
Short Name
SMTP:EXT:DOT-LNK
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
.LNK CVE-2005-2118 bid:15070
Release Date
07/28/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
Avaya
CVSS Score
5.1