Full title: Microsoft Windows Shell SMB LNK Code Execution Exploit 
Category: remote exploits
Platform: windows
This Metasploit module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This creates an SMB resource to provide the payload and the trigger, and generates a LNK file which must be sent to the target. This Metasploit module has been tested successfully on Windows 2003 SP2 with MS10-046 installed and Windows 2008 SP2 (32 bits) with MS14-027 installed.

# 0day.today @ http://0day.today/