This Metasploit module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This creates an SMB resource to provide the payload and the trigger, and generates a LNK file which must be sent to the target. This Metasploit module has been tested successfully on Windows 2003 SP2 with MS10-046 installed and Windows 2008 SP2 (32 bits) with MS14-027 installed.
8d0a846229e5812d01bd4445f0b8c53b9c1261e86b25a1e40b85b10a1bbd4391
This Metasploit module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This Metasploit module creates the required files to exploit the vulnerability. They must be uploaded to an UNC path accessible by the target. This Metasploit module has been tested successfully on Windows 2003 SP2 with MS10-046 installed and Windows 2008 SP2 (32 bits) with MS14-027 installed.
a9631c3ff2c532e42011da68d140f354537ec6ada1712cfb223bf2108e290574