Basically, the vulnerability only requires that the icon of a specially crafted LNK file be rendered. The shortcut points to a DLL on a local drive, on a remote share, or possibly over the Internet via WebDAV. As far as exploitation is concerned, I find that the following is possible:
- Embedded in RealMedia files. This opens up the possibility that it can also be done with QuickTime or AVI files, if they use the same vulnerable routine.
- Embedded in certain variants of Microsoft Office documents.
- Deployed on a USB device. This works unless the user opens the device with something other than Explorer, say, a DOS prompt.
- Transmitted over email in certain email clients. This has not been tested; it is just a theory. If it is possible, it will be disastrous.
- I tried 7-Zip and WinRAR. Not possible. Likely they use the standard Load Resource call instead of the vulnerable routine. However, there are hundreds of unpackers out there. Who knows, maybe one of them gets it.
- Any other way you can think of to get the user to render the icon.
Of course, for security reasons I will not reveal how it is done.
Well, what are you waiting for? Go turn on Windows Update and get it patched. BTW, if I recall correctly, WinXP SP2 will not get this patch. If so, ALL Windows XP SP2 and earlier machines are sitting ducks out there, just asking to be hacked time after time.
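Until a box is patched, the one thing a defender can do with the description above is look for the artifact itself: a shortcut whose target is a DLL. Below is an added example, not code from the original post, of a heuristic .lnk scanner in Python. It parses the public MS-SHLLINK layout (ShellLinkHeader, LinkTargetIDList, LinkInfo, StringData) and flags any path-like string ending in .dll or .cpl, including UNC paths that Windows may resolve over WebDAV, so it covers the USB and network-share vectors listed above. The `build_lnk()` helper only produces constructed test fixtures (a header, one raw ItemID and a RelativePath string) so the parser can be exercised offline; the fixtures are not real malicious shortcuts and the `.dll`/`.cpl` rule is a triage heuristic, not a signature for the bug.

```python
"""Heuristic scanner for Windows shortcut (.lnk) files that name a DLL.

Added example, not code from the original post. It walks the public MS-SHLLINK
layout (ShellLinkHeader, LinkTargetIDList, LinkInfo, StringData) and reports
path-like strings ending in .dll or .cpl, including UNC paths that Windows may
resolve over WebDAV. build_lnk() produces constructed fixtures, not real malware.
"""
import os
import re
import struct

LNK_HEADER_SIZE = 0x4C
# CLSID 00021401-0000-0000-C000-000000000046 in on-disk (little-endian) byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_RELATIVE_PATH, IS_UNICODE = 0x01, 0x02, 0x08, 0x80
STRING_DATA = ((0x04, "Name"), (0x08, "RelativePath"), (0x10, "WorkingDir"),  # LinkFlags bit
               (0x20, "Arguments"), (0x40, "IconLocation"))                    # -> field, disk order
_ASCII_PATH = re.compile(rb"[\x20-\x7e]{3,}\.(?:dll|cpl)\b", re.IGNORECASE)  # in raw bytes
_TEXT_PATH = re.compile(r"[\x20-\x7e]{3,}\.(?:dll|cpl)\b", re.IGNORECASE)    # in decoded text

def _paths_in(blob):
    """Return DLL/CPL path-like strings found as ASCII or UTF-16LE in a byte blob."""
    found = [m.group().decode("ascii") for m in _ASCII_PATH.finditer(blob)]
    for start in (0, 1):  # UTF-16 text inside an ItemID may begin at an odd offset
        text = blob[start:].decode("utf-16-le", errors="ignore")
        found.extend(m.group() for m in _TEXT_PATH.finditer(text))
    return list(dict.fromkeys(found))  # de-duplicate, keep order

def is_shell_link(data):
    """True if `data` starts with a well-formed ShellLinkHeader."""
    return (len(data) >= LNK_HEADER_SIZE
            and struct.unpack_from("<I", data, 0)[0] == LNK_HEADER_SIZE
            and data[4:20] == LNK_CLSID)

def scan_lnk(data):
    """Return [(section, path), ...] for DLL/CPL-like targets in one .lnk blob.
    Raises ValueError if the blob is not a Shell Link or is truncated."""
    if not is_shell_link(data):
        raise ValueError("not a Windows Shell Link")
    flags, = struct.unpack_from("<I", data, 0x14)
    findings, pos = [], LNK_HEADER_SIZE
    try:
        if flags & HAS_LINK_TARGET_ID_LIST:
            idlist_size, = struct.unpack_from("<H", data, pos)
            pos, end = pos + 2, pos + 2 + idlist_size
            while pos + 2 <= end:  # each ItemID: u16 size (including itself), then data
                item_size, = struct.unpack_from("<H", data, pos)
                if item_size == 0:  # TerminalID closes the list
                    break
                findings += [("LinkTargetIDList", p)
                             for p in _paths_in(data[pos + 2:pos + item_size])]
                pos += item_size
            pos = end
        if flags & HAS_LINK_INFO:
            info_size, = struct.unpack_from("<I", data, pos)
            findings += [("LinkInfo", p) for p in _paths_in(data[pos:pos + info_size])]
            pos += info_size
        for bit, name in STRING_DATA:  # u16 CountCharacters, then unterminated text
            if not flags & bit:
                continue
            count, = struct.unpack_from("<H", data, pos)
            nbytes = count * 2 if flags & IS_UNICODE else count
            text = data[pos + 2:pos + 2 + nbytes].decode(
                "utf-16-le" if flags & IS_UNICODE else "latin-1", errors="ignore")
            findings += [(name, m.group()) for m in _TEXT_PATH.finditer(text)]
            pos += 2 + nbytes
    except struct.error:
        raise ValueError("truncated shell link") from None
    return findings

def scan_tree(root):
    """Walk a directory (e.g. a mounted USB stick); map suspicious .lnk paths to findings."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in (n for n in files if n.lower().endswith(".lnk")):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                try:
                    hits = scan_lnk(fh.read())
                except ValueError:  # not a shortcut after all, or damaged
                    continue
            if hits:
                report[path] = hits
    return report

def build_lnk(target, unicode=True):
    """Constructed fixture: a minimal .lnk whose one ItemID and RelativePath name `target`."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | (IS_UNICODE if unicode else 0)
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    enc = target.encode("utf-16-le" if unicode else "latin-1")
    idlist = struct.pack("<H", 2 + len(enc)) + enc + b"\x00\x00"  # one ItemID + TerminalID
    return (header.ljust(LNK_HEADER_SIZE, b"\x00") + struct.pack("<H", len(idlist))
            + idlist + struct.pack("<H", len(target)) + enc)

if __name__ == "__main__":  # usage: python lnk_scan.py <directory, e.g. a mounted USB stick>
    import sys
    print(scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Point `scan_tree()` at the root of a mounted USB stick or a shared folder before anyone browses it in Explorer; a shortcut that resolves to `\\host\share\something.dll` is worth a look regardless of what its icon shows. Expect false positives from legitimate Control Panel shortcuts (`.cpl`) and from shortcuts whose icon is taken from a DLL, so treat a hit as a reason to inspect, not as proof of exploitation.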