This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file. The PATH option must be an absolute path to a writeable directory which is indexed for searching. If no PATH is specified, the module defaults to %USERPROFILE%.
81346e7020afd7e94a6d9b253a4b2b5b1c2eba12306e57cf746fb11c43f51e4bThis Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except in an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file.
63ff862692b9e1b52aec2b632659c94eThis Microsoft bulletin summary lists many CVEs that have undergone a major revision increment.
8f3f2c8aac06bb0814cbc4f0f5cc66e6c13a9604da0bf615f67a1892ba342272This Microsoft bulletin summary lists many CVEs that have undergone a major revision increment.
fae845b246924cc9e54f816a4286310351404dff440feefbf497cb13fd42589bThis Microsoft bulletin summary lists many CVEs that have undergone a major revision increment.
319f129f72880daf729fa0c2761541421d1e20100a405cb2c6d871449553c09c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed