Browser's same-origin policy wolud prevent you from accessing local resources from internet. But this is still pretty exploitable DoS.
One could craft a shortcut to "C:\$MFT\non-existing.exe" or bogus "desktop.ini" inside some folder (on network share?) and explorer will crash the system while trying to fetch an icon. I've got a lot of freezes and one BSOD somewhere in ntsf.sys on Windows 7/8.1:
One could craft a shortcut to "C:\$MFT\non-existing.exe" or bogus "desktop.ini" inside some folder (on network share?) and explorer will crash the system while trying to fetch an icon. I've got a lot of freezes and one BSOD somewhere in ntsf.sys on Windows 7/8.1:
Here's what process monitor showed me right before BSOD. "Thread exit" from local session manager process looks quite interesting: https://www.dropbox.com/s/99qnpr25nt0tznh/procmon.jpg?raw=1Exploit PoC:
WARNING! Unzipping this archive and/or stepping into unzipped folder likely to crash your system. You have been warned :) https://www.dropbox.com/s/sl5lw6yykvul5b7/ntfs_bug.zip?raw=1
Bottom line:
* Cromium-based browsers seems to download "file.lnk" as "file.download". Wise move, eh?
* Dropbox seems to delete shared lnk-files O_o
* God bless Sublime Text's session autosave.