Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2017-8464: LNK Remote Code Execution Vulnerability

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Microsoft Windows: CVE-2017-8464: LNK Remote Code Execution Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

06/13/2017

Created

07/25/2018

Added

06/13/2017

Modified

09/11/2024

Description

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."

Solution(s)

microsoft-windows-windows_10-1507-kb4022727
microsoft-windows-windows_10-1511-kb4022714
microsoft-windows-windows_10-1607-kb4022715
microsoft-windows-windows_10-1703-kb4022725
microsoft-windows-windows_server_2012-kb4022718
microsoft-windows-windows_server_2012_r2-kb4022717
microsoft-windows-windows_server_2016-1607-kb4022715
msft-kb4021903-339b7384-c98c-4b60-ba8a-d7d6409b4440
msft-kb4021903-38431bac-b0b3-4165-8197-964412ac8029
msft-kb4021903-3afb2e64-c7bb-446b-953f-1962213a444e
msft-kb4021903-4ed91fee-979d-4de4-8b1f-7ed764942168
msft-kb4021903-995d9d3a-97c4-4f00-bf76-e31ef42365ad
msft-kb4022717-1d805e7c-215a-4c96-8b39-3829bd2e02d0
msft-kb4022717-6abad12a-fc3f-4352-81f7-453e305f13ed
msft-kb4022718-185fb91c-8006-4eeb-81f1-611113a80509
msft-kb4022718-5cc34e54-998c-4120-ba8a-d528309738f8
msft-kb4022722-0fff3ada-3205-441e-9f7f-f9e0198a32ce
msft-kb4022722-4182f860-3205-4b8d-bf9d-4b0b93f34adc
msft-kb4022722-61851a6d-1717-4861-801a-461e772cb312
msft-kb4022722-65224535-330e-42bd-8e35-824c878ec11a
msft-kb4022722-657cd92e-a4a3-4319-a954-52bedeef4cfc
msft-kb4022722-e181eaef-054e-4b52-a00f-503b91461f68

References

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2017-8464: LNK Remote Code Execution Vulnerability

Microsoft Windows: CVE-2017-8464: LNK Remote Code Execution Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.