CWE-64 Windows Shortcut Following (.LNK) Vulnerability List (9)

Summary of 9 CVEs for the weakness CWE-64 Windows Shortcut Following (.LNK), with AI analysis in Chinese.

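CWE-64 is a path traversal class weakness in which a program handling a Windows shortcut (.LNK) does not sufficiently verify whether the shortcut's target path lies outside the intended sphere of control. Attackers commonly craft a malicious shortcut that points to a sensitive file to induce the program to access or operate on unauthorized resources. Developers should not directly trust the path a shortcut points to. Before resolving it, they should apply strict canonicalization and permission checks and ensure the target file lies within the security boundary, which prevents unauthorized access.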

MITRE CWE official description
CWE: CWE-64 Windows Shortcut Following (.LNK)
When opening a file or directory, the product does not sufficiently handle the case of a Windows shortcut (.LNK) whose target is outside the intended sphere of control. This could allow an attacker to cause the product to operate on unauthorized files.

Common consequences (1)
Scope: Confidentiality, Integrity
Impact: Read Files or Directories, Modify Files or Directories
The shortcut (file with the .lnk extension) can permit an attacker to read/write a file that they originally did not have permissions to access.

Mitigations (1)
Phase: Architecture and Design
Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2025-7376 | Mitsubishi Electric multiple products security vulnerability — GENESIS64 | 5.9 | Medium | 2025-08-06 |
| CVE-2025-53503 | Trend Micro Cleaner One Pro security vulnerability — Trend Micro Cleaner One Pro | 7.8 | High | 2025-07-10 |
| CVE-2025-52837 | Trend Micro Password Manager security vulnerability — Trend Micro Password Manager | 7.8 | High | 2025-07-10 |
| CVE-2025-52521 | Trend Micro Security security vulnerability — Trend Micro Security (Consumer) | 7.8 | High | 2025-07-10 |
| CVE-2025-49385 | Trend Micro Security security vulnerability — Trend Micro Internet Security (Consumer) | 7.8 | High | 2025-06-17 |
| CVE-2025-49384 | Trend Micro Security security vulnerability — Trend Micro Internet Security (Consumer) | 7.8 | High | 2025-06-17 |
| CVE-2025-48443 | Trend Micro Password Manager security vulnerability — Trend Micro Password Manager | 6.7 | Medium | 2025-06-17 |
| CVE-2021-41562 | Snow Software AB Snow Agent security vulnerability — Snow Agent for Windows | 6.1 | Medium | 2021-11-03 |
| CVE-2021-1492 | DUO Duo Authentication Proxy security vulnerability — Duo Authentication Proxy | 6.6 | Medium | 2021-03-25 |

CWE-64 (Windows Shortcut Following (.LNK)) is a common weakness category. This platform lists 9 CVEs associated with this weakness.