This vulnerability involves the improper neutralization of special elements used in a command ('command injection') in Windows MSHTML, allowing an unauthorized attacker to execute a crafted DLL file located in a shared folder and bypass Mark of the Web. The steps performed by the exploit are: Creates a DLL containing an Impact agent and places it in an SMB file share. It also creates an .lnk file for direct access. Using the provided link, download the .lnk file in the browser. Because some browsers may change the .lnk extension, you can set ATTACH_FILE_NAME to end with .zip to send the .lnk inside a ZIP file. If necessary, unzip the file and run the .lnk file. Alternatively, run the .lnk directly from the SMB share using the direct link. If the target can access the SMB share on the Impact machine, the agent will be deployed without Mark of the Web or popup warnings.
CVE Link
Exploit Platform
Exploit Type
Product Name