The best explanation I found is from this article but it still is unclear to me. Apparently a new vulnerability has been found involving .lnk files where when a folder on the memory stick containing the .lnk file is viewed any file on the stick can be run? How does this work and is this a zero day vulnerability?
Asked
Active
Viewed 425 times
1 Answers
6
You are almost correct - .lnk files should be a shortcut to a file, but here the .lnk itself is crafted to effectively autorun an exploit rather than calculate the shortcut to the intended file.
The Microsoft Security Advisory from 2010 gives more information along with the fix in MS10-046 so this is not a zero day.
Rory Alsop
- 61,367
- 12
- 115
- 320