9.3
CVE-2010-2568
- EPSS 91.32%
- Veröffentlicht 22.07.2010 05:43:49
- Zuletzt bearbeitet 16.06.2026 23:20:59
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Update-
Microsoft ≫ Windows Server 2008 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformitanium
Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformx64
Microsoft ≫ Windows Vista Version- Updatesp1
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
15.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Remote Code Execution Vulnerability
SchwachstelleMicrosoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 91.32% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
http://isc.sans.edu/diary.html?storyid=9181
http://isc.sans.edu/diary.html?storyid=9190
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/
http://secunia.com/advisories/40647
http://securitytracker.com/id?1024216
http://www.f-secure.com/weblog/archives/00001986.html
http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf
http://www.kb.cert.org/vuls/id/940193
http://www.microsoft.com/technet/security/advisory/2286198.mspx
http://www.securityfocus.com/bid/41732
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564
https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568