Overwrite arbitrary files downloading .lnk twice
- February 24, 2005
- Masayuki Nakano
- Firefox, Mozilla Suite, Thunderbird
- Fixed in
- Firefox 1.0.1
- Mozilla Suite 1.7.6
- Thunderbird 1.0.2
If a windows user can be convinced to download a .lnk file twice to the same location an attacker can overwrite (essentially delete) arbitrary files on the user's machine: the file referenced by the first .lnk will be overwritten by the second download rather than replacing the .lnk itself. On some older versions of windows .pif and .url files can be used to accomplish the same thing.
If an attacker knows the user will download twice and is able to send different content the second time then attackers could replace the targeted file with content of their choosing. The first .lnk would point to the target file and the second download would contain the compromised version of the target.
Do not download .pif, .lnk, or .url files. If running Windows XP use a limited (non-administrator) account to prevent malicious access to critical operating system files.