A security feature bypass vulnerability has been reported in Microsoft Windows. This vulnerability is due to improper handling of Internet Shortcuts. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted shortcut or visit a malicious link. Successful exploitation could result in spoofing, the bypass of SmartScreen security warnings or the disclosure of a targeted user's NTLM hash.

An LNK file using a particular CLSID can trigger a remote 0-click NTLM disclosure just by viewing the file in a File Explorer window. The disclosure of the user's NTLMv2 credentials occurs over SMB to an attacker controlled UNC.

Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.

Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.

Threat Encyclopedia

1233205

FILE Microsoft Windows Internet Shortcut Point to Location with UNC or Remote Path

High

2026/04/30

1238218

FILE Windows Shell Spoofing Vulnerability (CVE-2026-32202)

High

2026/04/30

1235037

ICS ORing IAP-420 Authenticated Command Injection (CVE-2024-5411)

High

2026/04/30

1235036

ICS ORing IAP-420 Stored Cross-Site Scripting (CVE-2024-5410)

Medium

2026/04/30