Vulnerability-Lookup

CVE-2010-2568 (GCVE-0-2010-2568)

Vulnerability from cvelistv5 – Published: 2010-07-22 10:00 – Updated: 2025-10-22 00:05

Summary

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

microsoft

References

URL

Tags

	http://www.us-cert.gov/cas/techalerts/TA10-222A.html	third-party-advisoryx_refsource_CERT
	http://isc.sans.edu/diary.html?storyid=9181	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.f-secure.com/weblog/archives/00001986.html	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/940193	third-party-advisoryx_refsource_CERT-VN
	http://krebsonsecurity.com/2010/07/experts-warn-o…	x_refsource_MISC
	http://secunia.com/advisories/40647	third-party-advisoryx_refsource_SECUNIA
	http://www.microsoft.com/technet/security/advisor…	x_refsource_CONFIRM
	http://isc.sans.edu/diary.html?storyid=9190	x_refsource_MISC
	http://www.securityfocus.com/bid/41732	vdb-entryx_refsource_BID
	http://www.f-secure.com/weblog/archives/new_rootk…	x_refsource_MISC
	https://www.geoffchappell.com/notes/security/stux…	x_refsource_MISC
	http://securitytracker.com/id?1024216	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:36.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA10-222A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.edu/diary.html?storyid=9181"
          },
          {
            "name": "oval:org.mitre.oval:def:11564",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/weblog/archives/00001986.html"
          },
          {
            "name": "VU#940193",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/940193"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
          },
          {
            "name": "40647",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40647"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.edu/diary.html?storyid=9190"
          },
          {
            "name": "41732",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41732"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
          },
          {
            "name": "1024216",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024216"
          },
          {
            "name": "MS10-046",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2010-2568",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-01T03:55:13.211673Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-09-15",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:52.095Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-09-15T00:00:00.000Z",
            "value": "CVE-2010-2568 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA10-222A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.edu/diary.html?storyid=9181"
        },
        {
          "name": "oval:org.mitre.oval:def:11564",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.f-secure.com/weblog/archives/00001986.html"
        },
        {
          "name": "VU#940193",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/940193"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
        },
        {
          "name": "40647",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40647"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.edu/diary.html?storyid=9190"
        },
        {
          "name": "41732",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41732"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
        },
        {
          "name": "1024216",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024216"
        },
        {
          "name": "MS10-046",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-2568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA10-222A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
            },
            {
              "name": "http://isc.sans.edu/diary.html?storyid=9181",
              "refsource": "MISC",
              "url": "http://isc.sans.edu/diary.html?storyid=9181"
            },
            {
              "name": "oval:org.mitre.oval:def:11564",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
            },
            {
              "name": "http://www.f-secure.com/weblog/archives/00001986.html",
              "refsource": "MISC",
              "url": "http://www.f-secure.com/weblog/archives/00001986.html"
            },
            {
              "name": "VU#940193",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/940193"
            },
            {
              "name": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/",
              "refsource": "MISC",
              "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
            },
            {
              "name": "40647",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40647"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2286198.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
            },
            {
              "name": "http://isc.sans.edu/diary.html?storyid=9190",
              "refsource": "MISC",
              "url": "http://isc.sans.edu/diary.html?storyid=9190"
            },
            {
              "name": "41732",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/41732"
            },
            {
              "name": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf",
              "refsource": "MISC",
              "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
            },
            {
              "name": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm",
              "refsource": "MISC",
              "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
            },
            {
              "name": "1024216",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1024216"
            },
            {
              "name": "MS10-046",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-2568",
    "datePublished": "2010-07-22T10:00:00.000Z",
    "dateReserved": "2010-06-30T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:52.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2010-2568",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2022-09-15",
      "dueDate": "2022-10-06",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568",
      "product": "Windows",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\", \"name\": \"TA10-222A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"http://isc.sans.edu/diary.html?storyid=9181\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\", \"name\": \"oval:org.mitre.oval:def:11564\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.f-secure.com/weblog/archives/00001986.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/940193\", \"name\": \"VU#940193\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}, {\"url\": \"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/40647\", \"name\": \"40647\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/2286198.mspx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://isc.sans.edu/diary.html?storyid=9190\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/41732\", \"name\": \"41732\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://securitytracker.com/id?1024216\", \"name\": \"1024216\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\", \"name\": \"MS10-046\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T02:39:36.528Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2010-2568\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-01T03:55:13.211673Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-09-15\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-09-15T00:00:00.000Z\", \"value\": \"CVE-2010-2568 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:19:06.617Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2010-07-16T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\", \"name\": \"TA10-222A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"http://isc.sans.edu/diary.html?storyid=9181\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\", \"name\": \"oval:org.mitre.oval:def:11564\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.f-secure.com/weblog/archives/00001986.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/940193\", \"name\": \"VU#940193\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}, {\"url\": \"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://secunia.com/advisories/40647\", \"name\": \"40647\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/2286198.mspx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://isc.sans.edu/diary.html?storyid=9190\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.securityfocus.com/bid/41732\", \"name\": \"41732\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://securitytracker.com/id?1024216\", \"name\": \"1024216\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\", \"name\": \"MS10-046\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2018-10-12T19:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\", \"name\": \"TA10-222A\", \"refsource\": \"CERT\"}, {\"url\": \"http://isc.sans.edu/diary.html?storyid=9181\", \"name\": \"http://isc.sans.edu/diary.html?storyid=9181\", \"refsource\": \"MISC\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\", \"name\": \"oval:org.mitre.oval:def:11564\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.f-secure.com/weblog/archives/00001986.html\", \"name\": \"http://www.f-secure.com/weblog/archives/00001986.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/940193\", \"name\": \"VU#940193\", \"refsource\": \"CERT-VN\"}, {\"url\": \"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\", \"name\": \"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\", \"refsource\": \"MISC\"}, {\"url\": \"http://secunia.com/advisories/40647\", \"name\": \"40647\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/2286198.mspx\", \"name\": \"http://www.microsoft.com/technet/security/advisory/2286198.mspx\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://isc.sans.edu/diary.html?storyid=9190\", \"name\": \"http://isc.sans.edu/diary.html?storyid=9190\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.securityfocus.com/bid/41732\", \"name\": \"41732\", \"refsource\": \"BID\"}, {\"url\": \"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\", \"name\": \"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\", \"name\": \"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\", \"refsource\": \"MISC\"}, {\"url\": \"http://securitytracker.com/id?1024216\", \"name\": \"1024216\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\", \"name\": \"MS10-046\", \"refsource\": \"MS\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2010-2568\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@microsoft.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2010-2568\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:52.095Z\", \"dateReserved\": \"2010-06-30T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2010-07-22T10:00:00.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2010-2568

Vulnerability from fkie_nvd - Published: 2010-07-22 05:43 - Updated: 2025-10-22 01:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://isc.sans.edu/diary.html?storyid=9181	Exploit, Issue Tracking
secure@microsoft.com	http://isc.sans.edu/diary.html?storyid=9190	Issue Tracking
secure@microsoft.com	http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/	Press/Media Coverage
secure@microsoft.com	http://secunia.com/advisories/40647	Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1024216	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.f-secure.com/weblog/archives/00001986.html	Not Applicable
secure@microsoft.com	http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf	Exploit
secure@microsoft.com	http://www.kb.cert.org/vuls/id/940193	Patch, Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/2286198.mspx	Broken Link, Patch, Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/41732	Broken Link, Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-222A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046	Patch, Vendor Advisory
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564	Broken Link
secure@microsoft.com	https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.edu/diary.html?storyid=9181	Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.edu/diary.html?storyid=9190	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/	Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40647	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1024216	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.f-secure.com/weblog/archives/00001986.html	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/940193	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/2286198.mspx	Broken Link, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/41732	Broken Link, Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-222A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568

Impacted products

Vendor	Product	Version
microsoft	windows_7	-
microsoft	windows_server_2003	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_vista	-
microsoft	windows_vista	-
microsoft	windows_xp	-
microsoft	windows_xp	-

JSON

To clipboard

{
  "cisaActionDue": "2022-10-06",
  "cisaExploitAdd": "2022-09-15",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*",
              "matchCriteriaId": "C2EE0AD3-2ADC-480E-B03E-06962EC4F095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*",
              "matchCriteriaId": "B20DD263-5A62-4CB1-BD47-D1F9A6C67E08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
              "matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
              "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems."
    },
    {
      "lang": "es",
      "value": "Shell de Windows en Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 SP2 y R2, y Windows 7 permite a usuarios locales o atacantes remotos ejecutar codigo a su elecci\u00f3n a traves de un fichero de acceso directo (1) .LNK o (2) .PIF manipulado, el cual no es manejado adecuadamente mientras se muestra el icono en el Explorador de Windows, tal y como se demostro  en Julio de 2010, originalmene referenciado por malware que aprovecha CVE-2010-2772 en los sistemas Siemens WinCC SCADA."
    }
  ],
  "evaluatorSolution": "Per: http://www.microsoft.com/technet/security/advisory/2286198.mspx\r\n\r\nMicrosoft has completed the investigation into a public report of this vulnerability. We have issued MS10-046 to address this issue.\r\n\r\nhttp://www.microsoft.com/technet/security/bulletin/MS10-046.mspx",
  "id": "CVE-2010-2568",
  "lastModified": "2025-10-22T01:15:36.973",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2010-07-22T05:43:49.703",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "http://isc.sans.edu/diary.html?storyid=9181"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "http://isc.sans.edu/diary.html?storyid=9190"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Press/Media Coverage"
      ],
      "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40647"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1024216"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://www.f-secure.com/weblog/archives/00001986.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/940193"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/41732"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "http://isc.sans.edu/diary.html?storyid=9181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "http://isc.sans.edu/diary.html?storyid=9190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Press/Media Coverage"
      ],
      "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1024216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://www.f-secure.com/weblog/archives/00001986.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/940193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/41732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2010-ALE-010

Vulnerability from certfr_alerte - Published: 2010-07-19 - Updated: 2010-08-03

Une vulnérabilité dans le shell Windows permet à un utilisateur distant malintentionné d'exécuter du code arbitraire.

Description

Une vulnérabilité du shell Windows existe dans la gestion des fichiers de raccourcis .lnk et permet l'exécution à distance de code arbitraire avec les droits de l'utilisateur connecté sur la machine.

Les fichiers .lnk permettent de créer des raccourcis vers des fichiers ou des répertoires.

Microsoft a mis à jour son avis pour indiquer que les fichiers .pif sont aussi vulnérables.

L'exploitation de la vulnérabilité survient lors de l'ouverture, via l'explorateur Windows, d'un dossier contenant les fichiers malformés. La méthode d'infection typique est l'ouverture d'une clé USB infectée, l'exploitation fonctionnant même si Autorun a été désactivé.

Cependant, les périphériques USB ne sont qu'un vecteur d'exploitation, la vulnérabilité peut être aussi exploitée via des partages réseaux, des liens WebDav, ou tout autre vecteur menant à l'affichage des fichiers malformés dans l'explorateur de fichier Windows.

Cette vulnérabilité est activement exploitée sur l'Internet (voir l'alerter CERTA-2010-ALE-009).

Contournement provisoire

Comme documenté dans l'avis Microsoft #2286198, la désactivation de l'affichage des icônes des raccourcis .lnk et .pif empêche l'exploitation de la vulnérabilité.

Microsoft a publié un FixIt permettant de déployer le contournement plus facilement (voir section Documentation).

La procédure manuelle est :

Faire une copie du contenu de la clé de registre :

HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler ;
Puis, editer la valeur «Par défaut» de cette clé et en supprimer le contenu ;
Faire une copie du contenu de la clé de registre :

HKEY_CLASSES_ROOT\piffile\shellex\IconHandler ;
Puis, editer la valeur «Par défaut» de cette clé et en supprimer le contenu ;
Redémarrer la machine ou explorer.exe.

Attention, cette manipulation désactive l'affichage de tous les icônes des raccourcis , y compris ceux du menu démarrer de Windows.

Solution

Se référer au bulletin de sécurité Microsoft pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions de Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis de sécurité Microsoft #2286198 du 16 juillet 2010	None	vendor-advisory
Fixit Microsoft du 21 juillet 2010 :	-	other
Bulletin de sécurité Microsoft MS10-046 du 03 août 2010 :	-	other
Bulletin de sécurité Microsoft MS10-046 du 03 août 2010 :	-	other
Avis CERTA-2010-AVI-353 du 3 août 2010 :	-	other
Alerte CERTA-2010-ALE-009 du 16 juillet 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eToutes les versions de Microsoft Windows.\u003c/P\u003e",
  "closed_at": "2010-08-03",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 du shell Windows existe dans la gestion des fichiers\nde raccourcis .lnk et permet l\u0027ex\u00e9cution \u00e0 distance de code arbitraire\navec les droits de l\u0027utilisateur connect\u00e9 sur la machine.\n\nLes fichiers .lnk permettent de cr\u00e9er des raccourcis vers des fichiers\nou des r\u00e9pertoires.\n\nMicrosoft a mis \u00e0 jour son avis pour indiquer que les fichiers .pif sont\naussi vuln\u00e9rables.\n\nL\u0027exploitation de la vuln\u00e9rabilit\u00e9 survient lors de l\u0027ouverture, via\nl\u0027explorateur Windows, d\u0027un dossier contenant les fichiers malform\u00e9s. La\nm\u00e9thode d\u0027infection typique est l\u0027ouverture d\u0027une cl\u00e9 USB infect\u00e9e,\nl\u0027exploitation fonctionnant m\u00eame si Autorun a \u00e9t\u00e9 d\u00e9sactiv\u00e9.\n\nCependant, les p\u00e9riph\u00e9riques USB ne sont qu\u0027un vecteur d\u0027exploitation,\nla vuln\u00e9rabilit\u00e9 peut \u00eatre aussi exploit\u00e9e via des partages r\u00e9seaux, des\nliens WebDav, ou tout autre vecteur menant \u00e0 l\u0027affichage des fichiers\nmalform\u00e9s dans l\u0027explorateur de fichier Windows.\n\nCette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e sur l\u0027Internet (voir\nl\u0027alerter CERTA-2010-ALE-009).\n\n## Contournement provisoire\n\nComme document\u00e9 dans l\u0027avis Microsoft \\#2286198, la d\u00e9sactivation de\nl\u0027affichage des ic\u00f4nes des raccourcis .lnk et .pif emp\u00eache\nl\u0027exploitation de la vuln\u00e9rabilit\u00e9.\n\nMicrosoft a publi\u00e9 un FixIt permettant de d\u00e9ployer le contournement plus\nfacilement (voir section Documentation).\n\nLa proc\u00e9dure manuelle est :\n\n-   Faire une copie du contenu de la cl\u00e9 de registre :\n\n    `HKEY_CLASSES_ROOT\\lnkfile\\shellex\\IconHandler` ;\n\n-   Puis, editer la valeur \u00abPar d\u00e9faut\u00bb de cette cl\u00e9 et en supprimer le\n    contenu ;\n\n-   Faire une copie du contenu de la cl\u00e9 de registre :\n\n    `HKEY_CLASSES_ROOT\\piffile\\shellex\\IconHandler` ;\n\n-   Puis, editer la valeur \u00abPar d\u00e9faut\u00bb de cette cl\u00e9 et en supprimer le\n    contenu ;\n\n-   Red\u00e9marrer la machine ou explorer.exe.\n\nAttention, cette manipulation d\u00e9sactive l\u0027affichage de tous les ic\u00f4nes\ndes raccourcis , y compris ceux du menu d\u00e9marrer de Windows.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2568"
    }
  ],
  "initial_release_date": "2010-07-19T00:00:00",
  "last_revision_date": "2010-08-03T00:00:00",
  "links": [
    {
      "title": "Fixit Microsoft du 21 juillet 2010 :",
      "url": "http://support.microsoft.com/kb/2286198"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-046 du 03 ao\u00fbt 2010 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-046 du 03 ao\u00fbt 2010 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS10-046.mspx"
    },
    {
      "title": "Avis CERTA-2010-AVI-353 du 3 ao\u00fbt 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-353"
    },
    {
      "title": "Alerte CERTA-2010-ALE-009 du 16 juillet 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-009"
    }
  ],
  "reference": "CERTA-2010-ALE-010",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-07-19T00:00:00.000000"
    },
    {
      "description": "ajout de la vuln\u00e9rabilit\u00e9 des fichiers .lnk, modification de la section Contournement , ajout du FixIt Microsoft.",
      "revision_date": "2010-07-21T00:00:00.000000"
    },
    {
      "description": "ajout de la section Solution et ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Microsoft dans la section Documentation. .",
      "revision_date": "2010-08-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le \u003cspan class=\"textit\"\u003eshell\u003c/span\u003e Windows\npermet \u00e0 un utilisateur distant malintentionn\u00e9 d\u0027ex\u00e9cuter du code\narbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le Shell de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft #2286198 du 16 juillet 2010",
      "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
    }
  ]
}

CVE-2010-2568

Vulnerability from fstec - Published: 22.07.2010

Title

Уязвимость операционных систем Windows, связанная с ошибками при обработке файлов с расширением .LNK или .PIF, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость операционных систем Windows связана с ошибками при обработке файлов с расширением .LNK (или .PIF). Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с использованием специально сформированного файла .LNK (или .PIF)

Severity ?

Vendor

Microsoft Corp

Software Name

Windows Server 2008, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2008 R2, Windows 7, Windows Server 2003 Service Pack 1, Windows Vista Service Pack 3

Software Version

- (Windows Server 2008), - (Windows Vista Service Pack 1), - (Windows Vista Service Pack 2), - (Windows Server 2008 Service Pack 2), - (Windows Server 2003 Service Pack 2), - (Windows Server 2008 R2), - (Windows 7), - (Windows Server 2003 Service Pack 1), - (Windows Vista Service Pack 3)

Possible Mitigations

Обновление программного средства до актуальной версии

Reference

http://isc.sans.edu/diary.html?storyid=9181 http://isc.sans.edu/diary.html?storyid=9190 http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/ http://securitytracker.com/id?1024216 http://www.f-secure.com/weblog/archives/00001986.html http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf http://www.kb.cert.org/vuls/id/940193 http://www.microsoft.com/technet/security/advisory/2286198.mspx http://www.securityfocus.com/bid/41732 http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564 https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Windows Server 2008), - (Windows Vista Service Pack 1), - (Windows Vista Service Pack 2), - (Windows Server 2008 Service Pack 2), - (Windows Server 2003 Service Pack 2), - (Windows Server 2008 R2), - (Windows 7), - (Windows Server 2003 Service Pack 1), - (Windows Vista Service Pack 3)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.07.2010",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.11.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.09.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-04410",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2010-2568",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Windows Server 2008, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2008 R2, Windows 7, Windows Server 2003 Service Pack 1, Windows Vista Service Pack 3",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows Server 2008 - 64-bit, Microsoft Corp Windows Vista Service Pack 1 - 64-bit, Microsoft Corp Windows Vista Service Pack 2 - 64-bit, Microsoft Corp Windows Server 2008 - 32-bit, Microsoft Corp Windows Server 2008 Service Pack 2 - 32-bit, Microsoft Corp Windows Vista Service Pack 1 - 32-bit, Microsoft Corp Windows Server 2008 Service Pack 2 - 64-bit, Microsoft Corp Windows Server 2003 Service Pack 2 - , Microsoft Corp Windows Server 2008 R2 - 64-bit, Microsoft Corp Windows Server 2008 R2 - Itanium, Microsoft Corp Windows 7 - , Microsoft Corp Windows Server 2008 Service Pack 2 - Itanium, Microsoft Corp Windows Server 2003 Service Pack 1 - Itanium, Microsoft Corp Windows Vista Service Pack 2 - , Microsoft Corp Windows Server 2008 - Itanium, Microsoft Corp Windows Vista Service Pack 3 - ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0444\u0430\u0439\u043b\u043e\u0432 \u0441 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435\u043c .LNK \u0438\u043b\u0438 .PIF, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0444\u0430\u0439\u043b\u043e\u0432 \u0441 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435\u043c .LNK (\u0438\u043b\u0438 .PIF). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 .LNK (\u0438\u043b\u0438 .PIF)",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://isc.sans.edu/diary.html?storyid=9181\nhttp://isc.sans.edu/diary.html?storyid=9190\nhttp://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\nhttp://securitytracker.com/id?1024216\nhttp://www.f-secure.com/weblog/archives/00001986.html\nhttp://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\nhttp://www.kb.cert.org/vuls/id/940193\nhttp://www.microsoft.com/technet/security/advisory/2286198.mspx\nhttp://www.securityfocus.com/bid/41732\nhttp://www.us-cert.gov/cas/techalerts/TA10-222A.html\nhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\nhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\nhttps://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)"
}

CERTA-2010-AVI-353

Vulnerability from certfr_avis - Published: 2010-08-03 - Updated: 2010-08-03

Une vulnérabilité dans le shell de Microsoft Windows permet l'exécution à distance de code arbitraire.

Description

Une vulnérabilité dans le shell de Microsoft Windows permet à un utilisateur distant malintentionné d'exécuter du code arbitraire avec les droits de l'utilisateur connecté sur la machine. Une erreur dans l'interprétation des fichiers raccourci permet d'exploiter cette vulnérabilité via l'affichage de l'icône d'un raccourci spécialement conçu.

Solution

Se référer au bulletin de sécurité Microsoft pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions de Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Alerte CERTA-2010-ALE-009 du 19 juillet 2010	None	vendor-advisory
Alerte CERTA-2010-ALE-010 du 21 juillet 2010	None	vendor-advisory
Bulletin de sécurité Microsoft MS10-046 du 02 août 2010	None	vendor-advisory
Référence CVE CVE-2010-2568 :	-	other
Bulletin de sécurité Microsoft MS10-046 du 03 août 2010 :	-	other
Bulletin de sécurité Microsoft MS10-046 du 03 août 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eToutes les versions de Microsoft Windows.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le shell de Microsoft Windows permet \u00e0 un\nutilisateur distant malintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire avec\nles droits de l\u0027utilisateur connect\u00e9 sur la machine. Une erreur dans\nl\u0027interpr\u00e9tation des fichiers raccourci permet d\u0027exploiter cette\nvuln\u00e9rabilit\u00e9 via l\u0027affichage de l\u0027ic\u00f4ne d\u0027un raccourci sp\u00e9cialement\ncon\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2568"
    }
  ],
  "initial_release_date": "2010-08-03T00:00:00",
  "last_revision_date": "2010-08-03T00:00:00",
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-2568 :",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2568"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-046 du 03 ao\u00fbt 2010 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-046 du 03 ao\u00fbt 2010 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS10-046.mspx"
    }
  ],
  "reference": "CERTA-2010-AVI-353",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-08-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le \u003cspan class=\"textit\"\u003eshell\u003c/span\u003e de Microsoft\nWindows permet l\u0027ex\u00e9cution \u00e0 distance de code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le Shell de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte CERTA-2010-ALE-009 du 19 juillet 2010",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-009/index.html"
    },
    {
      "published_at": null,
      "title": "Alerte CERTA-2010-ALE-010 du 21 juillet 2010",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-010/index.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-046 du 02 ao\u00fbt 2010",
      "url": null
    }
  ]
}

GSD-2010-2568

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-2568

Aliases

CVE-2010-2568

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2568",
    "description": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.",
    "id": "GSD-2010-2568",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-2568"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2568"
      ],
      "details": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.",
      "id": "GSD-2010-2568",
      "modified": "2023-12-13T01:21:30.959521Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2010-2568",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "TA10-222A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
          },
          {
            "name": "http://isc.sans.edu/diary.html?storyid=9181",
            "refsource": "MISC",
            "url": "http://isc.sans.edu/diary.html?storyid=9181"
          },
          {
            "name": "oval:org.mitre.oval:def:11564",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
          },
          {
            "name": "http://www.f-secure.com/weblog/archives/00001986.html",
            "refsource": "MISC",
            "url": "http://www.f-secure.com/weblog/archives/00001986.html"
          },
          {
            "name": "VU#940193",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/940193"
          },
          {
            "name": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/",
            "refsource": "MISC",
            "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
          },
          {
            "name": "40647",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/40647"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/2286198.mspx",
            "refsource": "CONFIRM",
            "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
          },
          {
            "name": "http://isc.sans.edu/diary.html?storyid=9190",
            "refsource": "MISC",
            "url": "http://isc.sans.edu/diary.html?storyid=9190"
          },
          {
            "name": "41732",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/41732"
          },
          {
            "name": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf",
            "refsource": "MISC",
            "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
          },
          {
            "name": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm",
            "refsource": "MISC",
            "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
          },
          {
            "name": "1024216",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1024216"
          },
          {
            "name": "MS10-046",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:gold:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-2568"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://isc.sans.edu/diary.html?storyid=9190",
              "refsource": "MISC",
              "tags": [],
              "url": "http://isc.sans.edu/diary.html?storyid=9190"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2286198.mspx",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
            },
            {
              "name": "1024216",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1024216"
            },
            {
              "name": "http://www.f-secure.com/weblog/archives/00001986.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.f-secure.com/weblog/archives/00001986.html"
            },
            {
              "name": "41732",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/41732"
            },
            {
              "name": "40647",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/40647"
            },
            {
              "name": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
            },
            {
              "name": "http://isc.sans.edu/diary.html?storyid=9181",
              "refsource": "MISC",
              "tags": [],
              "url": "http://isc.sans.edu/diary.html?storyid=9181"
            },
            {
              "name": "VU#940193",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/940193"
            },
            {
              "name": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
            },
            {
              "name": "TA10-222A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11564",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
            },
            {
              "name": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
            },
            {
              "name": "MS10-046",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2023-12-07T18:38Z",
      "publishedDate": "2010-07-22T05:43Z"
    }
  }
}

GHSA-6J7W-PXHR-G4PR

Vulnerability from github – Published: 2022-05-14 01:31 – Updated: 2025-10-22 03:30

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2568"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-07-22T05:43:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.",
  "id": "GHSA-6j7w-pxhr-g4pr",
  "modified": "2025-10-22T03:30:28Z",
  "published": "2022-05-14T01:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2568"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568"
    },
    {
      "type": "WEB",
      "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.edu/diary.html?storyid=9181"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.edu/diary.html?storyid=9190"
    },
    {
      "type": "WEB",
      "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40647"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1024216"
    },
    {
      "type": "WEB",
      "url": "http://www.f-secure.com/weblog/archives/00001986.html"
    },
    {
      "type": "WEB",
      "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/940193"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/41732"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-2568 (GCVE-0-2010-2568)

FKIE_CVE-2010-2568

CERTA-2010-ALE-010

Description

Contournement provisoire

Solution

CVE-2010-2568

CERTA-2010-AVI-353

Description

Solution

GSD-2010-2568

GHSA-6J7W-PXHR-G4PR

Tags

Sightings

Nomenclature