Windows shortcut's crashing explorer
Results 1 to 2 of 2

Thread: Windows shortcut's crashing explorer

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    188

    Windows shortcut's crashing explorer

    Dated: 30 Aug 2004

    1. What is it ?

    The windows shorcuts a.k.a .lnk files, cause exceptions if they have
    an invalid format.Upon opening the folder containing the invalid
    shorcut or the shortcut itself,the Explorer.exe process generated an
    exception.

    2. Systems Affected

    We found the problem to occur in the following systems:

    1.Windows 2000 Professional SP0
    2.Windows 2000 Professional SP4

    we believe the problem may be present in other systems also.

    3. The problem

    We are unable to decipher the problem at this time, Upon fuzzing the
    windows shortcut file format, the problem seems to be random in
    nature.Also windows tracks the shortcuts if the folder containing the
    shortcut is open and tries to correct any invalid shortcut.The problem
    occurs while correcting the shortcut and also when the shortcut is opened.

    4. Exploitable ?

    We can't say anything at this time.

    5. Refrences
    [a] www.wotsit.com, get the LNK file format here.
    [b] Link file fuzzer(LnkFuzzer)
    wwww.angelfire.com/theforce/crux/LnkFuzzer.zip

    Pranay Kanwar
    Aditya Sood

    -=[Crux Labs]=-
    Crux245@yahoo.com

  2. #2
    Member
    Join Date
    Aug 2004
    Posts
    70
    This problem, referred to as "Windows* Shortcut (.lnk) File Denial of Service" comes up time and time again for some users though does not seem to affect most (like me!)

    E.g. http://www.security-corporation.com/...30820-001.html and http://www.securityfocus.com/advisories/2079

    Some people seem to solve it with a bit of tinkering - suggesting it may be a conflict.

    There is also, however, a previous vunerability involving SP4 which would crash IE when it utilised SHELL32.DLL - as far as I knew Microsoft had sorted this in a further patch (Micros**t, lie? Never).

    Give it a quick google scan - but this is not a new vunerability. Sorry :/

    P.s. Well done on the exams
    # Now if I ever needed inspiration,
    Right about now where I lose my patience,

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides