Didier Stevens

Sunday 8 August 2010

Quickpost: 2 .LNK Tools

Filed under: My Software,Quickpost,Vulnerabilities — Didier Stevens @ 10:52

Microsoft has issued an emergency patch (MS10-046) for the .LNK file vulnerability (CVE-2010-2568).

I’m releasing two small tools I developed to help me investigate this vulnerability.

First one is a 010 Editor template file for the .LNK binary file format.

Second one is a ClamAV signature file to find all .LNK shortcuts that load a DLL (malicious or benign).

To scan your drive C, issue command

clamscan.exe -d LNK-CPL-CVE-2010-2568.ndb -l scan.log -r c:\

Quickpost info

Blog at WordPress.com.