So LNK files have had command lines put in them by worms/other threats for execution/persistence for at least 15 years now, but because someone put a linebreak in there it's now suddenly a zero-day? Guess it's been a slow day at the Trend Micro offices again

Now I'm no vulnerability management expert, but I'm pretty sure that four CVSS 5.3 vulns chain together to make a CVSS 21.2 vulnerability. Why has this been downgraded to a 9.8? More shenanigans from Mitre smh