This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature will detect attempts to exploit a remote code execution vulnerability in Microsoft Windows Shortcut 'LNK' Files.
Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly.
Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted 'LNK' file can cause Windows to automatically execute code that is specified by the shortcut file.
The attacker must entice a victim into viewing a specially crafted shortcut. The shortcut file and the associated binary may be delivered to a user through removable drives, over network shares or remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
NOTE: This issue is being exploited in the wild as malware W32.Temphid.
This issue affects Microsoft Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008.
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org.