CWE-64 9 個 CVE MITRE 定義 ↗

CWE-64:Windows Shortcut Following (.LNK)

概覽

CWE-64(Windows Shortcut Following (.LNK))描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
operating_system Windows Undetermined
technology Not Technology-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2025-7376 2025-08-06 Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubi…
CVE-2025-53503 2025-07-10 Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
CVE-2025-52837 2025-07-10 Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic…
CVE-2025-52521 2025-07-10 Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files…
CVE-2025-49385 2025-06-17 Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files…
CVE-2025-49384 2025-06-17 Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files…
CVE-2025-48443 2025-06-17 Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulne…
CVE-2021-41562 2021-11-03 A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows.
CVE-2021-1492 2021-03-25 The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrar…

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
2008-10-14 CWE Content Team 1.0.1 updated Description
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Observed_Examples, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Relationships, Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Related_Attack_Patterns
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns
2020-02-24 CWE Content Team 4.0 updated Relationships
2022-06-28 CWE Content Team 4.8 updated Observed_Examples
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated Affected_Resources, Functional_Areas
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Common_Consequences, Description
cvelogic Threat Intelligence