August 30th, 2004, 09:46 AM
Windows shortcut's crashing explorer
Dated: 30 Aug 2004
1. What is it ?
The windows shorcuts a.k.a .lnk files, cause exceptions if they have
an invalid format.Upon opening the folder containing the invalid
shorcut or the shortcut itself,the Explorer.exe process generated an
2. Systems Affected
We found the problem to occur in the following systems:
1.Windows 2000 Professional SP0
2.Windows 2000 Professional SP4
we believe the problem may be present in other systems also.
3. The problem
We are unable to decipher the problem at this time, Upon fuzzing the
windows shortcut file format, the problem seems to be random in
nature.Also windows tracks the shortcuts if the folder containing the
shortcut is open and tries to correct any invalid shortcut.The problem
occurs while correcting the shortcut and also when the shortcut is opened.
4. Exploitable ?
We can't say anything at this time.
[a] www.wotsit.com, get the LNK file format here.
[b] Link file fuzzer(LnkFuzzer)
August 30th, 2004, 04:07 PM
This problem, referred to as "Windows* Shortcut (.lnk) File Denial of Service" comes up time and time again for some users though does not seem to affect most (like me!)
E.g. http://www.security-corporation.com/...30820-001.html and http://www.securityfocus.com/advisories/2079
Some people seem to solve it with a bit of tinkering - suggesting it may be a conflict.
There is also, however, a previous vunerability involving SP4 which would crash IE when it utilised SHELL32.DLL - as far as I knew Microsoft had sorted this in a further patch (Micros**t, lie? Never).
Give it a quick google scan - but this is not a new vunerability. Sorry :/
P.s. Well done on the exams
# Now if I ever needed inspiration,
Right about now where I lose my patience,