Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut, aka "LNK Remote Code Execution Vulnerability."
CVSS Score
- 9.3
Confidentiality Impact
- Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact
- Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact
- Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity
- Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication
- Not required (Authentication is not required to exploit the vulnerability.)
Gained Access
- None
Vulnerability Type(s)
- Execute Code