MS10-046 : Microsoft Windows Shell LNK Execution

Since the 19 July, the Rapid 7 Metasploit team has release an exploit module for Windows Shell LNK exploit MSA-2286198, aka CVE-2010-2568. Actually the exploitation of this vulnerability is not widely exploited, but the situation could change rapidly soon. As you surely know, SANS ISC has increase his threat warning level to yellow over this vulnerability.

We have successfully test the exploit on Windows XP Pro SP3 fully patched.

Here bellow a video we have done, to demonstrate how it is easy to exploit this vulnerability with Metasploit.

[youtube rYrXDJfVLJ0]