Exploit.CplLnk.Gen

MEDIUM
LOW
approx 4200 bytes

Symptoms

Presence of shortcut files on removable media or network shares

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Mihai Razvan Benchea, virus researcher

Technical Description:

The detection is specific to .lnk files (shortcut files) that use a vulnerability in the Windows operating system to execute arbitrary code. The vulnerability lies in the routine that displays the icon for a shortcut file. In some cases, when the shortcut points to a module in the Control Panel, the operating system loads the module in order to display the icon. To exploit this vulnerability, a shortcut file is crafted so that the operating system treats it as pointing to a Control Panel module when in fact it points to a malicious module.

For the attack to be carried out successfully, the user has to view the file with Windows Explorer or another program that uses the shell32.dll functions to display the icon. The vulnerability is currently exploited by malware that BitDefender detects as Rootkit.Stuxnet.A.
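
A triage check for the kind of shortcut described above, as an added example that is not BitDefender's detection logic: it walks the LinkTargetIDList of a .lnk file (layout per the public MS-SHLLINK format) and reports whether any item references the Control Panel folder CLSID. The function names and the sample bytes from `build_sample` are constructed for illustration, and item contents are treated as opaque apart from the CLSID search.

```python
import struct
import uuid

LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
CONTROL_PANEL = uuid.UUID("21EC2020-3AEA-1069-A2DD-08002B30309D").bytes_le
MY_COMPUTER = uuid.UUID("20D04FE0-3AEA-1069-A2D8-08002B30309D").bytes_le
HAS_ID_LIST = 0x1  # LinkFlags bit 0: HasLinkTargetIDList


def id_list_items(data):
    """Return the raw ItemID payloads from a .lnk file's LinkTargetIDList."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad header size")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    (flags,) = struct.unpack_from("<I", data, 20)
    if not flags & HAS_ID_LIST:
        return []
    if len(data) < 78:
        raise ValueError("truncated IDList")
    (list_size,) = struct.unpack_from("<H", data, 76)
    end = min(78 + list_size, len(data))
    items, pos = [], 78
    while pos + 2 <= end:
        (size,) = struct.unpack_from("<H", data, pos)
        if size == 0:  # TerminalID closes the list
            break
        if size < 2 or pos + size > end:
            raise ValueError("malformed ItemID size")
        items.append(data[pos + 2:pos + size])
        pos += size
    return items


def targets_control_panel(data):
    """True if any ItemID carries the Control Panel folder CLSID."""
    return any(CONTROL_PANEL in item for item in id_list_items(data))


def build_sample(guids):
    """Constructed input: 76-byte header plus one GUID-bearing item per GUID."""
    items = b"".join(struct.pack("<H", 20) + b"\x1f\x00" + g for g in guids)
    id_list = items + b"\x00\x00"
    header = (struct.pack("<I", 0x4C) + LINK_CLSID
              + struct.pack("<I", HAS_ID_LIST) + bytes(52))
    return header + struct.pack("<H", len(id_list)) + id_list
```

A hit only means the shortcut resolves inside the Control Panel namespace, which legitimate shortcuts also do; use it to pick out .lnk files on removable media or network shares for closer inspection.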