Surf Wiki
Save to docs
general/injection-exploits

From Surf Wiki (app.surf) — the open knowledge base

CPLINK

Microsoft Windows shortcut icon vulnerability

Summary

Microsoft Windows shortcut icon vulnerability

CPLINK and Win32/CplLnk.A are names for a Microsoft Windows shortcut icon vulnerability discovered in June 2010 and patched on 2 August that affected all Windows operating systems. The vulnerability is exploitable when any Windows application that displays shortcut icons, such as Windows Explorer, browses to a folder containing a malicious shortcut. The exploit can be triggered without any user interaction, regardless where the shortcut file is located.

In June 2010, VirusBlokAda reported detection of zero-day attack malware called Stuxnet that exploited the vulnerability to install a rootkit that snooped Siemens' SCADA systems WinCC and PCS 7. According to Symantec it is the first worm designed to reprogram industrial systems and not only to spy on them.

References

References

  1. (2 August 2010). "Microsoft Security Bulletin MS10-046 - Critical / Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)". Microsoft.
  2. (2 August 2010). "Microsoft issues 'critical' patch for shortcut bug". BBC News.
  3. (Jul 16, 2010). "Encyclopedia entry: Exploit:Win32/CplLnk.A". Microsoft.
  4. Wisniewski, Chester. (2010-07-27). "AskChet, Episode 2, July 26, 2010 - Sophos security news". [[Sophos#Research.
  5. Wisniewski, Chester. (2010-07-26). "Shortcut exploit still quiet - Keep your fingers crossed". [[Sophos]].
  6. Mills, Elinor. (2010-07-21). "Details of the first-ever control system malware (FAQ)". [[CNET]].
  7. (2010-07-21). "SIMATIC WinCC / SIMATIC PCS 7: Information concerning Malware / Virus / Trojan". [[Siemens]].
  8. "Siemens: Stuxnet worm hit industrial systems".
Wikipedia Source

This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.

injection-exploits malware
Want to explore this topic further?

Ask Mako anything about CPLINK — get instant answers, deeper analysis, and related topics.

Research with Mako

Free with your Surf account

Content sourced from Wikipedia, available under CC BY-SA 4.0.

This content may have been generated or modified by AI. CloudSurf Software LLC is not responsible for the accuracy, completeness, or reliability of AI-generated content. Always verify important information from primary sources.

Report