Tuesday, August 10, 2010

Windows Shortcut Vulnerability

The Windows Shortcut Exploit, also known as CPLINK, is a zero-day vulnerability in all versions of Windows that allows a Windows shortcut link, known as an .lnk file, to run a malicious DLL file. The dangerous shortcut links can also be embedded on a website or hidden within documents.

The exploit works when you open a device, network share or WebDAV point carrying an infection—you don't need to click on anything for the exploit to work, even if you have AutoPlay and AutoRun disabled.

SophosLabs first saw this exploit at work through the rootkit W32/Stuxnet-B, which targets Siemens SCADA systems to discover the system default password.

While Stuxnet only affected Windows machines with infected USB drives plugged in, the Windows Shortcut Exploit in general can work through file shares and WebDAV as well.
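Because the shortcut only has to be displayed, triage of a suspect USB drive or share is best done by parsing the .lnk files offline rather than browsing to them. The following is an added example, not Sophos code or the protection tool mentioned below: it walks the target ID list of a shell link and reports any embedded path ending in .dll. Treating such a path as suspicious is an assumed heuristic, and `build_sample` produces constructed, non-functional test input.

```python
import re
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # shell link CLSID
HAS_ID_LIST = 0x1  # LinkFlags bit 0: HasLinkTargetIDList
# Drive-letter or UNC path ending in .dll (UNC covers shares and WebDAV)
DLL_PATH = re.compile(r"(?:[A-Za-z]:|\\\\)[\w\\ .\-]*\.dll", re.I | re.A)


def id_list_items(data: bytes) -> list[bytes]:
    """Return the raw ItemID payloads from a shortcut's LinkTargetIDList."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    (flags,) = struct.unpack_from("<I", data, 0x14)
    if not flags & HAS_ID_LIST or len(data) < 0x4E:
        return []
    (list_size,) = struct.unpack_from("<H", data, 0x4C)
    pos, end, items = 0x4E, min(0x4E + list_size, len(data)), []
    while pos + 2 <= end:
        (size,) = struct.unpack_from("<H", data, pos)
        if size < 2:  # 0 terminates the list; 1 is malformed
            break
        items.append(data[pos + 2:min(pos + size, end)])  # tolerate truncation
        pos += size
    return items


def dll_references(data: bytes) -> list[str]:
    """Heuristic: DLL paths embedded in the shortcut's target ID list."""
    found = set()
    for item in id_list_items(data):
        views = [item.decode("latin-1")]
        for shift in (0, 1):  # UTF-16 text may start on either byte alignment
            views.append(item[shift:].decode("utf-16-le", errors="ignore"))
        for text in views:
            found.update(DLL_PATH.findall(text))
    return sorted(found)


def build_sample(target: str) -> bytes:
    """Constructed test input: minimal header plus one item holding `target`."""
    payload = b"\x00\x00" + target.encode("utf-16-le") + b"\x00\x00"
    item = struct.pack("<H", len(payload) + 2) + payload
    header = b"\x4c\x00\x00\x00" + LNK_CLSID + struct.pack("<I", HAS_ID_LIST)
    header = header.ljust(0x4C, b"\x00")
    return header + struct.pack("<H", len(item) + 2) + item + b"\x00\x00"
```

Read each file's bytes from a forensic copy or from a non-Windows host and pass them to `dll_references`; a non-empty result marks a shortcut for closer inspection, not a confirmed detection.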

Download the protection tool here.