42 Comments

  • 1. Milo Rambaldi  |  juillet 18th, 2010 at 15:00

    exactly,, what the logs looks like?
    give me an example of the log.

  • 2. admin  |  juillet 18th, 2010 at 15:03

    @Milo
    Check Dider Stevens’ post

  • 3. Milo Rambaldi  |  juillet 18th, 2010 at 15:07

    what is KD? konsole debug or what?

  • 4. admin  |  juillet 18th, 2010 at 15:09

    @Milo
    Yep, KD is your kernel debugger plugged to your VM like this.

  • 5. Faille de sécurité des &hellip  |  juillet 18th, 2010 at 15:56

    [...] nouvelles variantes de cette attaque ne manqueront pas de se propager dans les jours qui viennent (une preuve de concept a d’ailleurs été diffusée aujourd’hui par Ivanlef0u, qui permettra de faire des tests avec une version non [...]

  • 6. 5yn74x  |  juillet 18th, 2010 at 20:13

    Working on XP 64bit sp2 , with a 64bit dll :D

  • 7. ckahlo  |  juillet 19th, 2010 at 12:30

    Verified. Used own DLL and a MessageBox. Exploits our Win7-infrastructure perfectly.

  • 8. Interesante (y peligroso)&hellip  |  juillet 19th, 2010 at 23:38

    [...] Lnk shorcut http://www.ivanlef0u.tuxfamily.org/?p=411 Please link to a<a href="http://portalhispano.org/wordpress/archives/2851&quot; [...]

  • 9. Exploit demonstrates crit&hellip  |  juillet 19th, 2010 at 23:43

    [...] exploit for the unpatched vulnerability in the code for processing short-cuts (.lnk files) has been circulating since yesterday (Sunday). Source code for the exploit also appears to be in circulation. As soon as [...]

  • 10. blog.jorgemendez.com.ve &&hellip  |  juillet 20th, 2010 at 00:27

    [...] CVE-2010-2568 Lnk shorcut http://www.ivanlef0u.tuxfamily.org/?p=411 [...]

  • 11. Importante (2):Se hace pÃ&hellip  |  juillet 20th, 2010 at 06:44

    [...] CVE-2010-2568 Lnk shorcut http://www.ivanlef0…tuxfamily.org/?p=411 [...]

  • 12. phr33k  |  juillet 20th, 2010 at 11:19

    not working in w7 x64

  • 13. Es íncreible la capacida&hellip  |  juillet 20th, 2010 at 11:38

    [...] CVE-2010-2568 Lnk shorcut http://www.ivanlef0u.tuxfamily.org/?p=411 [...]

  • 14. Yakko  |  juillet 20th, 2010 at 13:45

    Nice work dude :)

    Fonctionne sous Win7 x32 et x64 :P

  • 15. Brian Gregory  |  juillet 20th, 2010 at 14:10

    Nothing happened. XP SP3 x86.

  • 16. shenzy  |  juillet 20th, 2010 at 17:04

    Nothing happened. Win7 x64, licenced and Up to date.

  • 17. testing  |  juillet 20th, 2010 at 19:07

    works on 2k SP4, XP PRO SP3, W7 X86

    nothing works on W7 X64

    (tested by me)

    but, n1 work!

  • 18. Marcosof Informatica y Te&hellip  |  juillet 20th, 2010 at 21:18

    [...] CVE-2010-2568 Lnk shorcut http://www.ivanlef0u.tuxfamily.org/?p=411 [...]

  • 19. Si aún eres Windowsdepen&hellip  |  juillet 21st, 2010 at 04:26

    [...] los accesos directos (archivos con extensión lnk) por lo que manipulando un acceso directo de una manera especifica se puede lograr ejecutar código en la PC victima sin intervención del usuario y sin que éste se [...]

  • 20. Rajesh Nikam  |  juillet 21st, 2010 at 06:06

    Analysis of CVE-2010-2568: LNK file automatically executes code in Control Panel shortcuts

  • 21. Microsoft LNK Vulnerabili&hellip  |  juillet 21st, 2010 at 11:00

    [...] few days ago, an exploit used for highly targeted attacks was published here: CVE-2010-2568 Lnk shortcut. As the blog post, and other posts, state, this is caused by Windows Control Panel's [...]

  • 22. Se hace público el explo&hellip  |  juillet 22nd, 2010 at 00:57

    [...] de que se hayan tomado todas las medidas oportunas conocidas hasta el momento para impedirlo. El fallo se aprovecha a través de archivos LNK (accesos directos) y supone un duro varapalo para Microsoft, pues los atacantes han conseguido [...]

  • 23. Análisis vulnerabilidad &hellip  |  juillet 22nd, 2010 at 04:59

    [...] análisis y la exitosa reproducción de la vulnerabilidad se la debemos a ivanlef0u, quien en su publicación adjuntó los archivos necesarios para llevarla a cabo. Lo primero que hicimos al descargar los [...]

  • 24. Marcosof Informatica y Te&hellip  |  juillet 23rd, 2010 at 15:41

    [...] pm Esta entrada detalla cómo aplicar una directiva de restricción de software para evitar la última vulnerabilidad crítica de Windows en todas sus versiones y para la que aún no hay parche. Es una libre [...]

  • 25. Marcosof Informatica y Te&hellip  |  juillet 23rd, 2010 at 15:48

    [...] de que se hayan tomado todas las medidas oportunas conocidas hasta el momento para impedirlo. El fallo se aprovecha a través de archivos LNK (accesos directos) y supone un duro varapalo para Microsoft, pues los atacantes han conseguido [...]

  • 26. Basement Dad  |  juillet 23rd, 2010 at 16:58

    Nais work. Although I thought the code gets executed only by opening the explorer@C:\. I tried it in a VM and it starts after executing the lnk or rightclick -> properties …

  • 27. LNK Zero-Day Exploit: Sie&hellip  |  juillet 26th, 2010 at 06:22

    [...] the meantime, a security researcher known as Ivanlef0u has posted a proof-of-concept of the exploit (site is in French), while Win32/TrojanDownloader.Chymine.A and Win32/Autorun.VB.RP are in the wild [...]

  • 28. Maria  |  juillet 27th, 2010 at 17:51

    Hey great post,

    I’m new to windbg hence one question how to break on kernel32!LoadLibraryW ? I’m using VMware and type bu kernel32!LoadLibraryW command inside host OS then I trigger this exploit but nothings happening:( windbg does not break.

  • 29. Microsoft LNK Vulnerabili&hellip  |  juillet 29th, 2010 at 22:29

    [...] few days ago, an exploit used for highly targeted attacks was published here: CVE-2010-2568 Lnk shortcut. As the blog post, and other posts, state, this is caused by Windows Control Panel's [...]

  • 30. TaPiOn  |  août 2nd, 2010 at 13:17

    c’est toi le MOTH4FUCKA #@! ^^

  • 31. ZZ1  |  août 2nd, 2010 at 23:36

    found this one back in a 2001. The original idea was :what happens when two LNK’s point at each other. Made some research and wrote an my one exploit in back in 2006.
    I went even further in a LNK analisis of my own from what is uncovered to date.
    There is a flaw in how shortcuts handle short-keys related to them. (tested in winxp sp2)

  • 32. Por qué debo actualizar &hellip  |  août 3rd, 2010 at 05:12

    [...] la vulnerabilidad esperando por una solución. Sin embargo, el 18 de julio la vulnerabilidad fue publicada en Internet. Lo anterior provocó que el SANS cambiara su indicador de amenaza de verde a amarillo [...]

  • 33. Mr.Hien  |  août 3rd, 2010 at 09:24

    Microsoft released a patch for this vuln:
    http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx

  • 34. Rudi  |  août 5th, 2010 at 17:26

    Hi.

    Has someone a guideline, how to create a simple « YouAreVulnerableMsgBox.DLL » that would be runned by the LNK file included in this proof of concept exploit?

    Regards, Rudi.

  • 35. snow  |  août 11th, 2010 at 15:20

    I found something like that:

    http://nemesis.te-home.net/News/20100723_Patch_for_0day__LNK_file_handling_vulnerability_up.html

    Any comments? :>

  • 36. Can you say bad path? &la&hellip  |  août 14th, 2010 at 01:31

    [...] you say bad path? By windowssucks There has been a lot of talk about the recent .LNK exploit so naturally I had to play with some shortcuts in a hex editor. Turns out that explorer seems to [...]

  • 37. nerd  |  septembre 30th, 2010 at 21:02

    Hi,
    Tried on unpatched Win7 x86 & x64 – doesn’t work for me :(

    How does this work? Where are the source for that?

  • 38. nerd  |  septembre 30th, 2010 at 21:05

    Sorry, have already patch – try now uninstall the patch and run your stuff

  • 39. nerd  |  septembre 30th, 2010 at 21:16

    Uninstalled Patch 228xxx – doesn’t work. My question: Is in this LNK file an code – if yes, from where on (Position) should I use IDA’s C command

    Thanks

  • 40. Vulnerabilidad en sistema&hellip  |  août 3rd, 2011 at 11:12

    [...] Proof of concept: http://www.ivanlef0u.tuxfamily.org/?p=411 [...]

  • 41. Hack all the world - CVE-&hellip  |  octobre 22nd, 2011 at 08:29

    [...] http://www.ivanlef0u.tuxfamily.org/?p=411 This entry was posted in Exploit and Tagged: Exploit . Bookmark the permalink. [...]

  • 42. Solución a la vulner&hellip  |  avril 13th, 2012 at 16:23

    [...] entrada detalla cómo aplicar una directiva de restricción de software para evitar la última vulnerabilidad crítica de Windows en todas sus versiones y para la que aún no hay parche. Es una [...]

Trackback this post