Security Bulletins

Vulnerability in Windows Shell

Background

On July 16, 2010, Microsoft released Advisory 2286198 which stated that Microsoft is investigating reports of targeted attacks exploiting the way Windows displays icons of shortcut (.lnk) files.

Impact

Browsing a folder that contains a maliciously crafted Windows shortcut can allow an attacker to run code at the level of the logged on user. This can compromise a user's computer regardless of the location of the malicious file. This can be a local folder on the hard drive, a USB attached drive, a mapped drive, or a drive connected via WebDAV. Devices and drives that are shared by a large number of users present a greater risk than devices used by a single user.

Platforms Affected

This a