Thread: Windows shortcut's crashing explorer

    Jun 2003

    Windows shortcut's crashing explorer

    Dated: 30 Aug 2004

    1. What is it ?

    The windows shorcuts a.k.a .lnk files, cause exceptions if they have
    an invalid format.Upon opening the folder containing the invalid
    shorcut or the shortcut itself,the Explorer.exe process generated an

    2. Systems Affected

    We found the problem to occur in the following systems:

    1.Windows 2000 Professional SP0
    2.Windows 2000 Professional SP4

    we believe the problem may be present in other systems also.

    3. The problem

    We are unable to decipher the problem at this time, Upon fuzzing the
    windows shortcut file format, the problem seems to be random in
    nature.Also windows tracks the shortcuts if the folder containing the
    shortcut is open and tries to correct any invalid shortcut.The problem
    occurs while correcting the shortcut and also when the shortcut is opened.

    4. Exploitable ?

    We can't say anything at this time.

    5. Refrences
    [a] www.wotsit.com, get the LNK file format here.
    [b] Link file fuzzer(LnkFuzzer)

    Pranay Kanwar
    Aditya Sood

    -=[Crux Labs]=-

    Aug 2004
    This problem, referred to as "Windows* Shortcut (.lnk) File Denial of Service" comes up time and time again for some users though does not seem to affect most (like me!)

    E.g. http://www.security-corporation.com/...30820-001.html and http://www.securityfocus.com/advisories/2079

    Some people seem to solve it with a bit of tinkering - suggesting it may be a conflict.

    There is also, however, a previous vunerability involving SP4 which would crash IE when it utilised SHELL32.DLL - as far as I knew Microsoft had sorted this in a further patch (Micros**t, lie? Never).

    Give it a quick google scan - but this is not a new vunerability. Sorry :/

