← back
CVE-2017-8464

CVE-2017-8464

CVSS 8.8 HIGHEPSS 90.0%● KEV
In short

Windows can be tricked into running harmful code when you open a specially crafted shortcut file (.LNK). This happens because Windows doesn't safely check the icon inside the shortcut before displaying it.

Technical detail

A malicious .LNK file exploits improper validation of icon data in the Windows Shell icon handler, allowing arbitrary code execution when the shortcut's icon is parsed by Windows Explorer or any application that reads shortcut metadata. This affects local and remote attack scenarios with no user interaction beyond opening or viewing the file in an explorer context.

Summary generated and translated by AI from the official description.
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft Corporation · Windows Shell
public PoCs found12
githubgithub.com/3gstudent/CVE-2017-8464-EXP66githubgithub.com/doudouhala/CVE-2017-8464-exp-generator8githubgithub.com/TrG-1999/DetectPacket-CVE-2017-84642githubgithub.com/Elm0D/CVE-2017-84641githubgithub.com/xssfile/CVE-2017-8464-EXP1githubgithub.com/TieuLong21Prosper/Detect-CVE-2017-84640githubgithub.com/X-Vector/usbhijacking0githubgithub.com/tuankiethkt020/Phat-hien-CVE-2017-84640exploitdbwww.exploit-db.com/exploits/42382unverifiedcve_referencewww.exploit-db.com/exploits/42429/unverifiedexploitdbwww.exploit-db.com/exploits/42429unverifiedcve_referencewww.exploit-db.com/exploits/42382/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8464https://www.exploit-db.com/exploits/42382/https://www.exploit-db.com/exploits/42429/http://www.securityfocus.com/bid/98818http://www.securitytracker.com/id/1038671