CVE-1999-0280

Remote command execution in Microsoft Internet Explorer using .lnk and .url files...

The vulnerability of the GENESIS64 SCADA system’s software packages for monitoring and data collection, specifically the MC Works64 package, arises from errors in processing .LNK files. This vulnerability allows a intruder to write arbitrary files and trigger service failures.

The vulnerability of the GENESIS64 SCADA system’s software packages for monitoring and data collection via the MC Works64 interface is related to errors in processing files with the .LNK extension. Exploiting this vulnerability allows an intruder to write arbitrary files and cause service failure...

PT-2025-34796

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to November 2025 updates Description This issue is a remote code execution vulnerability in Microsoft Windows related to the handling of LNK shortcut files. The vulnerability stems from a flaw in how Windows...

Little Crumbs Can Lead To Giants

This week is the Virus Bulletin Conference in London. Part of the conference is the Cyber Threat Alliance summit, where CTA members like Rapid7 showcase their research into all kinds of cyber threats and techniques. Traditionally, when we investigate a campaign, the focus is mostly on the code of...

SUSE CVE-2018-12097

The liblnklocationinformationreaddata function in liblnklocationinformation.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on...

Patch Tuesday, September 2019 Edition

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a "critical" rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to...

CVE-2018-18552

ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service menu functionality loss by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug...

The vulnerability of Windows operating systems, related to errors in processing files with the .LNK extension, allows a hacker to execute arbitrary code.

The vulnerability of Windows operating systems is related to errors in processing files with the extension .LNK link files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted .LNK file...

liblnk heap buffer reread vulnerability (CNVD-2018-11567)

Libmobi is a C-based language for processing Kindle MOBI format e-book document library . A heap buffer reread vulnerability in the liblnk liblnklocationinformationreaddata function in liblnk liblnklocationinformation.c allows remote attackers to cause an information disclosure via a specially...

The vulnerability of the Windows Shell component of the Windows operating system, which allows a hacker to execute arbitrary code

The vulnerability of the Windows Shell component of the Windows operating system is related to errors in the processing of LNK files. Exploiting this vulnerability allows a local attacker to execute arbitrary code by connecting a storage device to the system, which contains a specially crafted ic...

Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution

source: https://www.securityfocus.com/bid/20138/info Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load...

Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution

Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution source: https://www.securityfocus.com/bid/20138/info Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script...

Microsoft Step-by-Step Interactive Training buffer overflow

Buffer overflow on link files .cbo, .cbl, .cbm parsing...

PT-2001-2189 · Argosoft · Argosoft Ftp Server

Name of the Vulnerable Software and Affected Versions: ArGoSoft FTP Server version 1.2.2.2 Description: The issue allows remote attackers to read arbitrary files and directories by uploading a .lnk link file that points to the target file. Recommendations: For ArGoSoft FTP Server version 1.2.2.2,...

CVE-1999-0280

Remote command execution in Microsoft Internet Explorer using .lnk and .url files...

PT-1997-1119 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer affected versions not specified Description: The issue allows for remote command execution in Microsoft Internet Explorer, utilizing .lnk and .url files. Recommendations: At the moment, there is no information abou...