A vulnerability exists in the Microsoft Windows Shell component that may allow the execution of malicious code.
A vulnerability exists in the Microsoft Windows Shell component that may allow the execution of malicious code. The flaw occurs due to Windows improperly handling file shortcuts. Exploitation can be achieved through multiple vectors, including manipulation of a specially-crafted .LNK or .PIF file & browsing a drive/shared location with a specially-crafted .LNK or .PIF file.Attack Vector
Maliciously Crafted FileUser Interaction
user interaction is neededVendor Status
Responded and patchedVulnerable Systems
Vulnerability information has been publicly disclosed.2010-07-16
Vendor has provided information on the vulnerability.2010-07-18
A proof of concept has been released.2010-07-19
A proof of concept has been released.2010-07-21
A proof of concept has been released.2010-07-30
Vendor has provided information on the vulnerability.2010-08-02
Vendor has provided a patch.
The vendor has released an update to address this issue:
Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)