From: FileSystemObject (Matthew Murphy) (sjmurphySWBELL.NET)
Date: Fri Jun 08 2001 - 21:59:44 CDT
Now that it's going to Bugtraq, let's see how well M$ can ignore this, LOL.
Murphy Security Advisory #9, 2001:
.LNK Files and Windows Networking may Allow Executing Arbitrary Programs
Systems Affected: All versions of Windows that support networking.
Symptoms: Hotkeys may not work properly.
Consequences: Running code of an attacker's choice over a network.
Workaround: Turn off write sharing to networked drives.
Windows .LNK files are used for quick access to programs that may be stored away on the hard drive. Part of this shortcut interface is the use of hotkeys: keys that, when pressed (for example F10), run the .LNK file and whatever file it is linked to. There are three problems with this:

A) In Windows, .LNK files can run from any location upon the pressing of a hotkey.
B) The user does not have to be the one to place the shortcut.
C) .LNK files can link to programs not authorized by the user.

So, if an attacker wished, he or she could place a *.LNK file with a hotkey, such as F1 (normally the help hotkey), on a network drive and have it link to an unsigned *.EXE file on that same drive. Then, when the new system admin logged in to the new drive, the next time they hit F1 for help, the .LNK file would automatically run, overriding the typical behavior of starting help and launching the executable. Now the powerful file that was linked to by the .LNK has complete control of the system, resulting in the compromise of whatever privileges the user has. It is as if the user had directly clicked on the file. Another troublesome shortcut hotkey is ALT+F4, which normally closes windows.
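
One way to audit a write-shared drive for shortcuts that carry a hotkey, as an added example that is not part of the original advisory. It reads the HotKey field of the .LNK header as laid out in Microsoft's MS-SHLLINK specification; the function names and the header-only sample bytes are constructed for illustration.

```python
import os
import struct

# Shell link header per MS-SHLLINK: 76 bytes, HotKey field at offset 64.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
MODIFIERS = {0x01: "SHIFT", 0x02: "CTRL", 0x04: "ALT"}

def key_name(vk):
    """Name the virtual-key byte for the ranges MS-SHLLINK allows."""
    if 0x30 <= vk <= 0x39 or 0x41 <= vk <= 0x5A:
        return chr(vk)
    if 0x70 <= vk <= 0x87:
        return "F%d" % (vk - 0x6F)
    return {0x90: "NUMLOCK", 0x91: "SCROLLLOCK"}.get(vk, "VK_0x%02X" % vk)

def lnk_hotkey(data):
    """Return the hotkey of a .LNK blob as text, or None if unset/not a .LNK."""
    if len(data) < HEADER_SIZE:
        return None
    size, clsid = struct.unpack_from("<I16s", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        return None
    vk, mods = struct.unpack_from("<BB", data, 64)  # low byte key, high byte modifiers
    if vk == 0:
        return None
    parts = [name for bit, name in MODIFIERS.items() if mods & bit]
    return "+".join(parts + [key_name(vk)])

def scan_share(root):
    """Walk a directory tree and yield (path, hotkey) for shortcuts with one."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".lnk"):
                path = os.path.join(folder, name)
                try:
                    with open(path, "rb") as fh:
                        hotkey = lnk_hotkey(fh.read(HEADER_SIZE))
                except OSError:
                    continue  # unreadable file: skip it, keep scanning
                if hotkey:
                    yield path, hotkey

def sample_header(vk, mods=0):
    """Constructed header-only sample (no link target), for exercising the parser."""
    return struct.pack("<I16s44xBB10x", HEADER_SIZE, LINK_CLSID, vk, mods)
```

Run `scan_share` against the root of each drive that has write sharing enabled and review any shortcut it reports, particularly ones bound to F1 or ALT+F4.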