Windows Shortcut (.lnk) Code Execution Vulnerability (CVE-2017-8464) [Exp Build Tool]

Source: Internet
Author: User
Tags: cve

A Windows remote code execution vulnerability was recently disclosed: an attacker can use a shortcut file to execute arbitrary commands on the user's computer. This post gives a partial analysis of it.

1. Vulnerability description:

Microsoft Windows .LNK Remote Code Execution Vulnerability (vulnerability number: CVE-2017-8464). An attacker presents the user with a malicious .LNK file together with an associated malicious binary on a removable drive or remote share. When the user opens that drive (or remote share) in Windows Explorer, or in any other application that parses .lnk files, the malicious binary executes code of the attacker's choice on the target system. An attacker who successfully exploits this vulnerability gains the same rights as the local user.

2. Scope of impact:

The vulnerability affects a broad range of systems. The list below is from online sources; I tested it myself on Windows 7 and Windows 10.

1. Microsoft Windows Version 1607 for 32-bit Systems
2. Microsoft Windows Version 1607 for x64-based Systems
3. Microsoft Windows 10 for 32-bit Systems
4. Microsoft Windows 10 for x64-based Systems
5. Microsoft Windows Version 1511 for 32-bit Systems
6. Microsoft Windows Version 1511 for x64-based Systems
7. Microsoft Windows Version 1703 for 32-bit Systems
8. Microsoft Windows Version 1703 for x64-based Systems
9. Microsoft Windows 7 for 32-bit Systems SP1
10. Microsoft Windows 7 for x64-based Systems SP1
11. Microsoft Windows 8.1 for 32-bit Systems
12. Microsoft Windows 8.1 for x64-based Systems
13. Microsoft Windows RT 8.1

As you can see, practically every Windows system has this problem. Exploitation is somewhat awkward, though: the shortcut first has to get onto the other computer before triggering the vulnerability is even an option.

But, much like CVE-2012-0158 back then, where sending a document to the user was enough to trigger it, this vulnerability lends itself to phishing, watering-hole and mail-attachment attacks, so the potential harm is large and a careless click is all it takes. Users still need to install the patch.

3. POC

Needless to say, I wrote a Python script that generates an exploit for this vulnerability and put it on my GitHub; anyone who wants to discuss it can take a look:

https://github.com/Securitykid/CVE-2017-8464-exp-generator

A brief description of the test process:

First, generate the exploit with the tool:

Specify the name of the DLL that needs to be executed; here it is a test DLL that pops up a calculator:

Running it produces 26 shortcuts:

The purpose of the 26 shortcuts is to make sure the DLL file can be found under any drive letter. As a scenario: put the 26 shortcuts and the DLL on a USB flash drive, and the DLL will be executed regardless of which drive letter the computer assigns to the USB drive.

Trigger conditions:

Opening the folder that contains the shortcut, opening the drive letter the shortcut points to, or simply pointing at the shortcut can cause execution:
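From the defender's side, the thing to check for is exactly what the post describes: a shortcut whose target resolves to a DLL. The following is an added example, not part of the original post or of the author's generator: a Python scanner that parses the .lnk header and LinkTargetIDList using the public MS-SHLLINK layout and flags shortcuts whose ID list names a .dll or .cpl. The suspicious-extension rule is a heuristic assumption, and the sample link it builds is a constructed parser fixture, not an exploit.

```python
import re
import struct

# Layout facts (header size, CLSID, LinkFlags bit, IDList framing) come from the
# public MS-SHLLINK specification, not from the original post.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_IDLIST = 0x00000001
# Heuristic (an assumption): a shortcut target should never be a loadable module,
# so a .dll or .cpl name inside the IDList is worth flagging.
SUSPICIOUS_EXTENSIONS = (".dll", ".cpl")

def parse_idlist(data, offset):
    """Return the payload of each ItemID in the LinkTargetIDList starting at `offset`."""
    idlist_size = struct.unpack_from("<H", data, offset)[0]
    pos, end, items = offset + 2, min(offset + 2 + idlist_size, len(data)), []
    while pos + 2 <= end:
        item_size = struct.unpack_from("<H", data, pos)[0]
        if item_size < 2:  # TerminalID (0x0000) closes the list; also stops a zero-size loop
            break
        items.append(data[pos + 2:pos + item_size])
        pos += item_size
    return items

def find_module_references(lnk_bytes):
    """Return printable strings in the IDList that name a .dll or .cpl module."""
    if len(lnk_bytes) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", lnk_bytes, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    if not flags & HAS_LINK_TARGET_IDLIST:
        return []
    hits = []
    for item in parse_idlist(lnk_bytes, LNK_HEADER_SIZE):
        # Item data may carry a path as UTF-16LE or as ANSI, so try both decodings.
        for text in (item.decode("utf-16-le", "ignore"), item.decode("latin-1")):
            for run in re.findall(r"[\x20-\x7e]{4,}", text):
                if any(ext in run.lower() for ext in SUSPICIOUS_EXTENSIONS):
                    hits.append(run)
    return hits

def constructed_sample_lnk(target):
    """Constructed fixture: a minimal link whose single IDList item holds `target` (no exploit)."""
    header = struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, HAS_LINK_TARGET_IDLIST)
    header = header.ljust(LNK_HEADER_SIZE, b"\x00")  # remaining header fields zeroed
    item = target.encode("utf-16-le") + b"\x00\x00"
    idlist = struct.pack("<H", 2 + len(item)) + item + b"\x00\x00"  # ItemID + TerminalID
    return header + struct.pack("<H", len(idlist)) + idlist
```

Run find_module_references over every .lnk collected from a suspect removable drive or mail attachment; a hit is a reason to quarantine the file and confirm the patch is installed on the machines that touched it.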

I recorded a short GIF; the test result is as follows:

The exploit generation script in this article is written in Python and is available at:

https://github.com/Securitykid/CVE-2017-8464-exp-generator

Discussion and feedback are welcome.

This vulnerability still does real harm. I hope readers keep it in mind, do not casually open shortcuts received by mail or found in downloaded files, and install the patch to make sure their own interests are not harmed.

The contents of this article are for technical exchange, security defence and academic discussion only; do not use them for illegal purposes.

Reposting is welcome; please credit the source.

Scan the QR code to follow the public account Security Kid, which shares security knowledge and technology so we can learn and progress together!
