Windows Shortcut Following (.LNK)

CVE-2021-41562

Medium

6.1/10

Summary

A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-64 - Windows Shortcut Following (.LNK)

The software, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

References

Advisory Timeline

Published Nov 03, 2021

Windows Shortcut Following (.LNK)

CVE-2021-41562

Summary

CWE-64 - Windows Shortcut Following (.LNK)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS