Home / malware Exploit.CplLnk.Gen
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Exploit.CplLnk.Gen.
Explanation :
The detection is specific to lnk files (shortcut files) that make use of a vulnerability in the Windows operating system to execute arbitrary code. The vulnerability is caused by the routine that tries to display the icon for the shortcut file. In some cases, when the shortcut points to a module in the Control Panel, the operating system will try to load the module - to display the icon. In order to exploit this vulnerability, a special shortcut file is crafted that will make the operating system think that it points to some module in the Control Panel when in fact it points to amalicious module.
For the attack to be successfully carried out, the user has to view the file with Windows Explorer or other program that makes use of the shell32.dll functions in order to display the icon. The vulnerability is currently exploited by malware that BitDefender detects as Rootkit.Stuxnet.A.Last update 21 November 2011