CPLINK

{{Short description|Microsoft Windows shortcut icon vulnerability}}

CPLINK and Win32/CplLnk.A are names for a Microsoft Windows shortcut icon vulnerability discovered in June 2010 and patched on 2 August{{cite web|url=https://technet.microsoft.com/en-us/security/bulletin/MS10-046|title=Microsoft Security Bulletin MS10-046 - Critical / Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)|date=2 August 2010|publisher=Microsoft|accessdate=21 November 2011}}{{cite web|url=https://www.bbc.co.uk/news/technology-10837232|title=Microsoft issues 'critical' patch for shortcut bug|date=2 August 2010|publisher=BBC News|accessdate=21 November 2011}} that affected all Windows operating systems. The vulnerability is exploitable when any Windows application that displays shortcut icons, such as Windows Explorer,{{cite web|url=http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3aWin32%2fCplLnk.A|title=Encyclopedia entry: Exploit:Win32/CplLnk.A|date=Jul 16, 2010|publisher=Microsoft|accessdate=27 July 2010}} browses to a folder containing a malicious shortcut.{{cite web|url=https://www.youtube.com/watch?v=-o7viVkGoZ0|title=AskChet, Episode 2, July 26, 2010 - Sophos security news|last=Wisniewski|first=Chester|date=2010-07-27|publisher=SophosLabs|accessdate=27 July 2010}}{{cbignore}}{{Dead Youtube links|date=February 2022}} The exploit can be triggered without any user interaction, regardless where the shortcut file is located.{{cite web|url=http://www.sophos.com/blogs/chetw/g/2010/07/26/shortcut-exploit-dormant-fingers-crossed/|title=Shortcut exploit still quiet - Keep your fingers crossed|last=Wisniewski|first=Chester|date=2010-07-26|publisher=Sophos|accessdate=27 July 2010|archive-url=https://web.archive.org/web/20100801025002/http://www.sophos.com/blogs/chetw/g/2010/07/26/shortcut-exploit-dormant-fingers-crossed/|archive-date=1 August 2010|url-status=dead}}

In June 2010, VirusBlokAda reported detection of zero-day attack malware called Stuxnet that exploited the vulnerability to install a rootkit that snooped Siemens' SCADA systems WinCC{{cite news|url=http://news.cnet.com/8301-27080_3-20011159-245.html|title=Details of the first-ever control system malware (FAQ)|last=Mills|first=Elinor|date=2010-07-21|publisher=CNET|accessdate=21 July 2010}} and PCS 7.{{cite web|url=http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=view|title=SIMATIC WinCC / SIMATIC PCS 7: Information concerning Malware / Virus / Trojan|date=2010-07-21|publisher=Siemens|quote=malware (trojan) which affects the visualization system WinCC SCADA.|accessdate=22 July 2010}} According to Symantec it is the first worm designed to reprogram industrial systems and not only to spy on them.{{cite news|url=http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142 |archive-url=https://archive.today/20120525053210/http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142 |url-status=dead |archive-date=25 May 2012 |title=Siemens: Stuxnet worm hit industrial systems |accessdate=16 September 2010 }}