A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka LNK Remote Code Execution Vulnerability.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Windows_10 | Microsoft | - (including) | - (including) |
| Windows_10 | Microsoft | 1607 (including) | 1607 (including) |
| Windows_10 | Microsoft | 1703 (including) | 1703 (including) |
| Windows_10 | Microsoft | 1709 (including) | 1709 (including) |
| Windows_10 | Microsoft | 1803 (including) | 1803 (including) |
| Windows_10 | Microsoft | 1809 (including) | 1809 (including) |
| Windows_10 | Microsoft | 1903 (including) | 1903 (including) |
| Windows_7 | Microsoft | –sp1 (including) | –sp1 (including) |
| Windows_8.1 | Microsoft | - (including) | - (including) |
| Windows_rt_8.1 | Microsoft | - (including) | - (including) |
| Windows_server_2008 | Microsoft | –sp2 (including) | –sp2 (including) |
| Windows_server_2008 | Microsoft | r2-sp1 (including) | r2-sp1 (including) |
| Windows_server_2012 | Microsoft | - (including) | - (including) |
| Windows_server_2012 | Microsoft | r2 (including) | r2 (including) |
| Windows_server_2016 | Microsoft | - (including) | - (including) |
| Windows_server_2016 | Microsoft | 1803 (including) | 1803 (including) |
| Windows_server_2016 | Microsoft | 1903 (including) | 1903 (including) |
| Windows_server_2019 | Microsoft | - (including) | - (including) |