Just read (and had to re-read several times) a quick vulnerability announcement over on US-CERT for how Windows handles LNK files. From the sounds of this, all you need to do is view the location of the malicious LNK file to have it execute code. It’s still not entirely clear if this means viewing the containing folder in Windows Explorer, clicking the LNK file (duh), or something else.

This might be interesting, as it is not uncommon for users to mistakenly attempt sending .LNK files via email, rather than attaching the actual target file of their silly shortcut. And LNK files litter corporate network shares…

If this is just viewing the file sitting in a folder is enough to trigger this, it’s kinda reminiscent of older issues with Windows Explorer displaying certain files like DLL files on network shares. Just the act looking in the direction of the file was enough to cause issues!