Modes Of Introduction
Operation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)
Operating Systems
Class: Windows (Undetermined)
Common Consequences
Scope |
Impact |
Likelihood |
Confidentiality Integrity | Read Files or Directories, Modify Files or Directories | |
Observed Examples
References |
Description |
| network access control service executes program with high privileges and allows symlink to invoke another executable or perform DLL injection. |
| Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." |
| FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. |
| FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. |
| Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. |
| ".LNK." - .LNK with trailing dot |
| Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link |
Potential Mitigations
Phases : Architecture and Design
Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
Vulnerability Mapping Notes
Justification : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
NotesNotes
Under-studied. Windows .LNK files are more "portable" than Unix symlinks and have been used in remote exploits. Some Windows API's will access LNK's as if they are regular files, so one would expect that they would be reported more frequently.
Submission
Name |
Organization |
Date |
Date release |
Version |
PLOVER |
|
2006-07-19 +00:00 |
2006-07-19 +00:00 |
Draft 3 |
Modifications
Name |
Organization |
Date |
Comment |
Eric Dalci |
Cigital |
2008-07-01 +00:00 |
updated Time_of_Introduction |
CWE Content Team |
MITRE |
2008-09-08 +00:00 |
updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities |
CWE Content Team |
MITRE |
2008-10-14 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2008-11-24 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2011-06-01 +00:00 |
updated Common_Consequences |
CWE Content Team |
MITRE |
2011-09-13 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2012-05-11 +00:00 |
updated Observed_Examples, Relationships |
CWE Content Team |
MITRE |
2012-10-30 +00:00 |
updated Potential_Mitigations |
CWE Content Team |
MITRE |
2014-07-30 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2017-11-08 +00:00 |
updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2019-01-03 +00:00 |
updated Related_Attack_Patterns |
CWE Content Team |
MITRE |
2019-06-20 +00:00 |
updated Related_Attack_Patterns |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2022-06-28 +00:00 |
updated Observed_Examples |
CWE Content Team |
MITRE |
2023-01-31 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |