Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly. Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted 'LNK' file can cause Windows to automatically execute code that is specified by the shortcut file. This vulnerability is currently being exploited in the wild. This update adds WebDAV support, which makes possible for the exploit to work as a drive-by attack, allowing to compromise machines by enticing the victims into visiting a website.
Wednesday, July 21, 2010 - 19:00