Microsoft has released a security update to resolve a vulnerability issue in WIndows Shell, which is caused by incorrect validation of specific parameters when attempting to load a shortcut's icon.
User could be affected by the vulnerability by:
• opening a removable drive containing the malicious shortcut file and the associated malicious binary
• browsing a malicious website, and loading the icon of the shortcut file
• opening a specially crafted document that supports embedded shortcuts or a hosted browser control
A successful exploit of the vulnerability could allow a remote attacker to run arbitrary code and take control of the affected system.