CWE-64

Windows Shortcut Following (.LNK)

AI Translation Available

The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

Status

incomplete

Abstraction

variant

Likelihood

low

Affected Platforms

Technical Details

AI Translation

Common Consequences

confidentiality integrity

Impacts

read files or directories modify files or directories

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

Functional Areas

file processing

AI Generated Translation

Common Consequences

riservatezza integrità

Impacts

leggere file o directory modificare file o directory

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Segui il principio del privilegio minimo quando assegni i diritti di accesso alle entità in un sistema software. Negare l'accesso a un file può impedire a un attaccante di sostituire quel file con un collegamento a un file sensibile. Assicurare una buona compartimentazione nel sistema per fornire aree protette di cui ci si possa fidare.

Functional Areas

elaborazione file

CWE-64

Common Consequences

Impacts

Potential Mitigations

Functional Areas

Common Consequences

Impacts

Potential Mitigations

Functional Areas

Iscriviti alla newsletter