- Source: CPLINK
CPLINK and Win32/CplLnk.A are names for a Microsoft Windows shortcut icon vulnerability discovered in June 2010 and patched on 2 August that affected all Windows operating systems. The vulnerability is exploitable when any Windows application that displays shortcut icons, such as Windows Explorer, browses to a folder containing a malicious shortcut. The exploit can be triggered without any user interaction, regardless where the shortcut file is located.
In June 2010, VirusBlokAda reported detection of zero-day attack malware called Stuxnet that exploited the vulnerability to install a rootkit that snooped Siemens' SCADA systems WinCC and PCS 7. According to Symantec it is the first worm designed to reprogram industrial systems and not only to spy on them.
References
External links
Microsoft Security Advisory (2286198) concerning the Windows vulnerability exploited by CPLINK.
Infoworld article Is Stuxnet the 'best' malware ever?