The .LNK vulnerability was targeted by Stuxnet as it tried to take apart Iran’s nuclear program. German researcher Michael Heerklotz in January reported the new findings to HP’s Zero Day Initiative.
LNK files define shortcuts to files or directories; Windows allows them to use custom icons from control panel files (.CPL). In Windows, ZDI said, those icons are loaded from modules, either executables or DLLs; CPLs are DLLs. An attacker is able to then define which executable module would be loaded, and use the .LNK file to execute arbitrary code inside of the Windows shell.
Oddly the vulnerability does not seem to have been exploited in the wild, although the a Metasploit module has been available since 2010 and has been used in countless tests.
