An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system.

The security update addresses the vulnerability by correcting the processing of shortcut LNK references.

prion 2

zdt 3

trendmicroblog 3

cve 2

canvas 1

symantec 2

osv 1

checkpoint_advisories 2

attackerkb 1

openvas 15

mskb 19

cisa_kev 1

nessus 20

mscve 84

exploitpack 2

packetstorm 2

rapid7community 3

myhack58 3

malwarebytes 1

securelist 1

metasploit 2

exploitdb 2

cert 1

huawei 1

mmpc 2

mssecure 2

threatpost 2

thn 1

cisa 1

kaspersky 4

qualysblog 2

talosblog 1

prion

Remote code execution

2017-06-15 01:29:00

Information disclosure

2017-06-15 01:29:00

zdt

Microsoft Windows - LNK Shortcut File Code Execution Exploit

2017-07-26 00:00:00

Microsoft Windows - LNK Shortcut File Code Execution Exploit

2017-08-06 00:00:00

Microsoft Windows LNK File Code Execution Exploit

2017-11-09 00:00:00

trendmicroblog

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 3, 2017

2017-07-07 15:45:09

The Real-World Impact of Bug Bounties and Vulnerability Research

2017-07-06 16:31:43

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 12, 2017

2017-06-16 12:00:40

cve

CVE-2017-8464

2017-06-15 01:29:00

CVE-2017-8529

2017-06-15 01:29:00

canvas

Immunity Canvas: SPECIAL_LNK

2017-06-15 01:29:00

symantec

Microsoft Windows LNK CVE-2017-8464 Remote Code Execution Vulnerability

2017-06-13 00:00:00

Microsoft Internet Explorer and Edge CVE-2017-8529 Information Disclosure Vulnerability

2017-06-13 00:00:00

osv

CVE-2017-8529

2017-06-15 01:29:04

checkpoint_advisories

Microsoft Browser Information Disclosure (CVE-2017-8529)

2017-06-13 00:00:00

Microsoft LNK Remote Code Execution (CVE-2017-8464; CVE-2018-0978)

2017-06-13 00:00:00

attackerkb

CVE-2017-8464

2017-06-15 00:00:00

openvas

Microsoft Windows LNK Remote Code Execution Vulnerability (KB4021903)

2017-06-14 00:00:00

Microsoft Windows Multiple RCE Vulnerabilities (KB4022839)

2017-06-16 00:00:00

Huawei Data Communication: Multiple Vulnerabilities Released on Microsoft security advisory 4025685 (huawei-sa-20170909-01-windows)

2020-06-05 00:00:00

mskb

LNK remote code execution vulnerability: June 13, 2017

2017-06-13 07:00:00

Cumulative security update for Internet Explorer: September 12, 2017

2017-09-12 07:00:00

September 12, 2017—KB4038799 (Monthly Rollup)

2017-09-12 07:00:00

cisa_kev

Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability

2022-02-10 00:00:00

nessus

Windows 10 / Windows Server 2016 September 2017 Information Disclosure Vulnerability (CVE-2017-8529)

2020-05-28 00:00:00

KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017 (CVE-2017-8529) (deprecated)

2020-01-17 00:00:00

Windows 8 June 2017 Security Updates

2017-06-14 00:00:00

mscve

Microsoft Browser Information Disclosure Vulnerability

2017-06-13 07:00:00

Microsoft Graphics Component Information Disclosure Vulnerability

2017-06-19 07:00:00

Windows Uniscribe Information Disclosure Vulnerability

2017-06-13 07:00:00

exploitpack

Microsoft Windows - .LNK Shortcut File Code Execution (Metasploit)

2017-07-26 00:00:00

Microsoft Windows - .LNK Shortcut File Code Execution

2017-08-06 00:00:00

packetstorm

Microsoft Windows LNK Shortcut File Code Execution

2017-08-01 00:00:00

Microsoft Windows LNK File Code Execution

2017-11-08 00:00:00

rapid7community

Metasploit Wrapup

2017-08-11 20:03:59

Patch Tuesday - June 2017

2017-06-14 12:04:23

Patch Tuesday - July 2017

2017-07-12 13:39:36

myhack58

【Major vulnerability warning】Windows two critical remote code execution vulnerability-vulnerability warning-the black bar safety net

2017-06-14 00:00:00

“The seismic network of the third generation”CVE-2017-8464 vulnerability analysis and early warning-vulnerability warning-the black bar safety net

2017-08-09 00:00:00

“The seismic network of the third generation”（CVE-2017-8464 several species using the method and prevention-vulnerability and early warning-the black bar safety net

2017-08-07 00:00:00

malwarebytes

LemonDuck no longer settles for breadcrumbs

2021-07-30 17:19:31

securelist

Threats to users of adult websites in 2018

2019-02-21 10:00:01

metasploit

LNK Code Execution Vulnerability

2017-08-02 20:46:30

LNK Code Execution Vulnerability

2017-10-05 14:16:31

exploitdb

Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit)

2017-07-26 00:00:00

Microsoft Windows - '.LNK' Shortcut File Code Execution

2017-08-06 00:00:00

cert

Microsoft Windows automatically executes code specified in shortcut files

2017-08-03 00:00:00

huawei

Security Advisory - Multiple Vulnerabilities Released on Microsoft Security Advisory 4025685

2017-06-16 00:00:00

mmpc

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

2021-07-29 19:00:59

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

2021-07-22 16:00:57

mssecure

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

2021-07-29 19:00:59

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

2021-07-22 16:00:57

threatpost

Microsoft Patches Two Critical Vulnerabilities Under Attack

2017-06-13 16:23:28

Self-Propagating Lucifer Malware Targets Windows Systems

2020-06-24 21:20:16

thn

Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month

2017-06-13 23:18:00

cisa

CISA Adds 15 Known Exploited Vulnerabilities to Catalog

2022-02-10 00:00:00

kaspersky

KLA11045 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer

2017-06-13 00:00:00

KLA11842 Multiple vulnerabilities in Microsoft Products (ESU)

2017-06-13 00:00:00

KLA11046 Multiple vulnerabilities in Microsoft Windows

2017-06-13 00:00:00

qualysblog

Microsoft Fixes 94 Security Issues in Massive June Update

2017-06-13 18:28:02

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

talosblog

Microsoft Patch Tuesday - June 2017

2017-06-13 13:48:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Related for MS:CVE-2017-8464