OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself. (such as?)
OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt
This event is generated when a malformed Windows shortcut (.lnk) file is found traversing the network.
Attempted User Privilege Gain
A large value contained in a Windows shortcut (*.lnk) file multiplies during execution, causing a buffer overflow condition that can lead to remote code execution against the victim.
Ease of Attack:
Simple, no working exploits are known at this time.
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2018-0825StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how objects are handled in memory, aka "StructuredQuery Remote Code Execution Vulnerability".
||Ease of Access||