SANS ISC Diary - Crashing explorer.exe with(out) a click

30-03-2020 / In categories SANS ISC, News, 2020

Microsoft, Post-exploitation, Red teaming, SANS, Vulnerability, Windows

Translation: CS

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a vulnerability in the way Windows handles self-referential links, which makes it possible to use specially crafted URL and LNK files to crash Explorer.