CWE-64: Windows Shortcut Following (.LNK)

参考: CVE-2019-19793

network access control service executes program with high privileges and allows symlink to invoke another executable or perform DLL injection.

参考: CVE-2000-0342

Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."

参考: CVE-2001-1042

FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

参考: CVE-2001-1043

FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

参考: CVE-2005-0587

Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.

参考: CVE-2001-1386

".LNK." - .LNK with trailing dot

参考: CVE-2003-1233

Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link