Vulnerability Development mailing list archives
Re: Explorer crashes when it sees this .lnk file
From: furrm () KENYON EDU (Mike Furr)
Date: Wed, 29 Mar 2000 16:21:04 +0000
Parity Error wrote:
Hi all, Explorer crashes when it "sees" this .lnk file in a directory. Looks like some decoding code for .lnk files crashes when it sees this. The code seems to be in a shared dll. U cannot edit this file using any windows based hex editor. All apps crash when they see this. This may be exploitable, .... ------------------------------------------------------------------------ Name: check.lnk check.lnk Type: unspecified type (application/octet-stream) Encoding: base64
sounds like the shorcut vulnerability posted to bugtraq a little over a month ago: The Windows API that handles shortcut navigation is susceptible to buffer overflow attacks. The API, "SHGetPathFromIDList" will parse a shortcut file (.lnk) to find the target file, directory or URL. A specifically malformed link will cause any program using the API to follow that shortcut to crash. NOTE: While this vulnerability listing, as well as the exploit and the original USSR advisory only mention Serv-U FTP server, any Windows, Microsoft, or 3rd party program that uses the API could be vulnerable to this. see bugtraq id 970 for more info -mike
Current thread:
- Re: spoofing the ethernet address (license managers) Michael Wojcik (Mar 27)
- Re: spoofing the ethernet address (license managers) Forrest W. Christian (Mar 27)
- Re: spoofing the ethernet address (license managers) Eric Sherrill (Mar 29)
- Re: spoofing the ethernet address (license managers) Forrest W. Christian (Mar 29)
- Re: spoofing the ethernet address (license managers) Eric Sherrill (Mar 29)
- Explorer crashes when it sees this .lnk file Parity Error (Mar 28)
- Re: Explorer crashes when it sees this .lnk file Vladimir Dubrovin (Mar 29)
- Re: Explorer crashes when it sees this .lnk file Mike Furr (Mar 29)
- TCP Sequence Prediction Dean Michael Dorman (Mar 29)
- Re: TCP Sequence Prediction H D Moore (Mar 29)
- Re: TCP Sequence Prediction Seth R Arnold (Mar 29)
- Re: TCP Sequence Prediction Vladimir Dubrovin (Mar 30)
- Re: TCP Sequence Prediction Maxime Rousseau (Mar 30)
- Re: TCP Sequence Prediction Paul Taylor (Mar 30)
- Re: Explorer crashes when it sees this .lnk file AnorEXia (Mar 30)
- Re: Explorer crashes when it sees this .lnk file Vladimir Dubrovin (Mar 30)
- Re: Explorer crashes when it sees this .lnk file AnorEXia (Mar 31)
- Exposures in MQ and CORBA Adam.Levine () BANKOFAMERICA COM (Mar 31)
- Re: spoofing the ethernet address (license managers) Forrest W. Christian (Mar 27)