[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Windows Shortcut Following (.LNK)

ID: 64Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: INCOMPLETE
Abstraction Type: Variant





Description

The software, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

Extended Description

The shortcut (file with the .lnk extension) can permit an attacker to read/write a file that they originally did not have permissions to access.

Likelihood of Exploit: Medium to High

Applicable Platforms
Language Class: All
Operating System Class: Windows

Time Of Introduction

  • Operation

Common Consequences

ScopeTechnical ImpactNotes
Confidentiality
Integrity
 		Read files or directories
Modify files or directories
 		 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Architecture and Design
 		Separation of Privilege
 		Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
 		  

Relationships

Related CWETypeViewChain
CWE-64 ChildOf CWE-893 Category CWE-888  

Demonstrative Examples
None

Observed Examples

  1. CVE-2000-0342 : Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."
  2. CVE-2001-1042 : FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
  3. CVE-2001-1043 : FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
  4. CVE-2005-0587 : Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
  5. CVE-2001-1386 : ".LNK." - .LNK with trailing dot
  6. CVE-2003-1233 : Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Windows Shortcut Following (.LNK)
 		 
CERT C Secure Coding FIO05-C
 		Identify files using multiple file attributes
 		 
CERT C++ Secure Coding FIO05-CPP
 		Identify files using multiple file attributes
 		 

References:
None
CVE    1
CVE-2021-1492

© SecPod Technologies