13 matches found
CVE-1999-0280
Remote command execution in Microsoft Internet Explorer using .lnk and .url files...
PT-2025-34796
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to November 2025 updates Description: This issue is a remote code execution vulnerability in Microsoft Windows related to the handling of LNK shortcut files. The vulnerability stems from a flaw in how Windows...
Little Crumbs Can Lead To Giants
This week is the Virus Bulletin Conference in London. Part of the conference is the Cyber Threat Alliance summit, where CTA members like Rapid7 showcase their research into all kinds of cyber threats and techniques. Traditionally, when we investigate a campaign, the focus is mostly on the code of...
SUSE CVE-2018-12097
The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on...
Patch Tuesday, September 2019 Edition
Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a "critical" rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to...
CVE-2018-18552
ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug...
liblnk heap buffer reread vulnerability (CNVD-2018-11567)
Libmobi is a C-based library for processing Kindle MOBI format e-book documents. A heap buffer reread vulnerability in the liblnk liblnk_location_information_read_data function in liblnk liblnk_location_information.c allows remote attackers to cause an information disclosure via a specially...
Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution
source: https://www.securityfocus.com/bid/20138/info Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl). An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load...
Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution
Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution source: https://www.securityfocus.com/bid/20138/info Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl). An attacker can exploit this issue to execute arbitrary script...
Microsoft Step-by-Step Interactive Training buffer overflow
Buffer overflow when parsing link files (.cbo, .cbl, .cbm)...
PT-2001-2189 · Argosoft · Argosoft Ftp Server
Name of the Vulnerable Software and Affected Versions: ArGoSoft FTP Server version 1.2.2.2 Description: The issue allows remote attackers to read arbitrary files and directories by uploading a .lnk link file that points to the target file. Recommendations: For ArGoSoft FTP Server version 1.2.2.2,...
CVE-1999-0280
Remote command execution in Microsoft Internet Explorer using .lnk and .url files...
PT-1997-1119 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer affected versions not specified Description: The issue allows for remote command execution in Microsoft Internet Explorer, utilizing .lnk and .url files. Recommendations: At the moment, there is no information abou...