8 matches found
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch. The vulnerability in question is CVE-2025-9491 CVSS score: 7.8/7.0, which has been describ...
CVE-2020-1299
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'...
CVE-2019-1280
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'...
CVE-2020-1299
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'...
CVE-2020-0684
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'...
Microsoft LNK Remote Code Execution Vulnerability
Microsoft Windows is a family of operating systems from Microsoft. Microsoft Windows has a remote code execution vulnerability in the handling of .LNK files, which can be exploited by an attacker to gain the same user rights as a local user...
CVE-2019-1188
CVE-2019-1188 is a remote code execution vulnerability in Microsoft Windows involving processing of .LNK shortcut references. An attacker could trick a user into opening a removable drive or remote share containing a malicious .LNK file and an associated binary; when the user opens the drive or p...
CVE-2005-0519
ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut .LNK file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520...