CPLINK

CPLINK and Win32/CplLnk.A are names for a Microsoft Windows shortcut icon vulnerability discovered in June 2010 and patched on 2 August¹² that affected all Windows operating systems. The vulnerability is exploitable when any Windows application that displays shortcut icons, such as Windows Explorer,³ browses to a folder containing a malicious shortcut.⁴ The exploit can be triggered without any user interaction, regardless where the shortcut file is located.⁴⁵

In June 2010, VirusBlokAda reported detection of zero-day attack malware called Stuxnet that exploited the vulnerability to install a rootkit that snooped Siemens' SCADA systems WinCC⁶ and PCS 7.⁷ According to Symantec it is the first worm designed to reprogram industrial systems and not only to spy on them.⁸

References

"Microsoft Security Bulletin MS10-046 - Critical / Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)". Microsoft. 2 August 2010. Retrieved 21 November 2011.
"Microsoft issues 'critical' patch for shortcut bug". BBC News. 2 August 2010. Retrieved 21 November 2011.
"Encyclopedia entry: Exploit:Win32/CplLnk.A". Microsoft. Jul 16, 2010. Retrieved 27 July 2010.
Wisniewski, Chester (2010-07-27). "AskChet, Episode 2, July 26, 2010 - Sophos security news". SophosLabs. Retrieved 27 July 2010.
Wisniewski, Chester (2010-07-26). "Shortcut exploit still quiet - Keep your fingers crossed". Sophos. Archived from the original on 1 August 2010. Retrieved 27 July 2010.
Mills, Elinor (2010-07-21). "Details of the first-ever control system malware (FAQ)". CNET. Retrieved 21 July 2010.
"SIMATIC WinCC / SIMATIC PCS 7: Information concerning Malware / Virus / Trojan". Siemens. 2010-07-21. Retrieved 22 July 2010. malware (trojan) which affects the visualization system WinCC SCADA.
"Siemens: Stuxnet worm hit industrial systems". Retrieved 16 September 2010.{{cite news}}: CS1 maint: deprecated archival service (link)

External links

Microsoft Security Advisory (2286198) concerning the Windows vulnerability exploited by CPLINK.
Infoworld article Is Stuxnet the 'best' malware ever?

[1] "Microsoft Security Bulletin MS10-046 - Critical / Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)". Microsoft. 2 August 2010. Retrieved 21 November 2011.

[2] "Microsoft issues 'critical' patch for shortcut bug". BBC News. 2 August 2010. Retrieved 21 November 2011.

[Microsoft-3] "Encyclopedia entry: Exploit:Win32/CplLnk.A". Microsoft. Jul 16, 2010. Retrieved 27 July 2010.

[Sophhos20100727-4] Wisniewski, Chester (2010-07-27). "AskChet, Episode 2, July 26, 2010 - Sophos security news". SophosLabs. Retrieved 27 July 2010.

[5] Wisniewski, Chester (2010-07-26). "Shortcut exploit still quiet - Keep your fingers crossed". Sophos. Archived from the original on 1 August 2010. Retrieved 27 July 2010.

[6] Mills, Elinor (2010-07-21). "Details of the first-ever control system malware (FAQ)". CNET. Retrieved 21 July 2010.

[7] "SIMATIC WinCC / SIMATIC PCS 7: Information concerning Malware / Virus / Trojan". Siemens. 2010-07-21. Retrieved 22 July 2010. malware (trojan) which affects the visualization system WinCC SCADA.

[8] "Siemens: Stuxnet worm hit industrial systems". Retrieved 16 September 2010.{{cite news}}: CS1 maint: deprecated archival service (link)

1

2

3

4

5

6

7

8