9.3

CVE-2010-2568

Warnung
Medienbericht
Exploit
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 7 Version-
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Server 2008 Version- Update-
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 HwPlatformitanium
MicrosoftWindows Server 2008 Versionr2 HwPlatformx64
MicrosoftWindows Vista Version- Updatesp1
MicrosoftWindows Vista Version- Updatesp2
MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
MicrosoftWindows Xp Version- Updatesp3

15.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Remote Code Execution Vulnerability

Schwachstelle

Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 91.32% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Third Party Advisory
US Government Resource
http://isc.sans.edu/diary.html?storyid=9181
Exploit
Issue Tracking
http://isc.sans.edu/diary.html?storyid=9190
Issue Tracking
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/
Press/Media Coverage
http://secunia.com/advisories/40647
Vendor Advisory
http://securitytracker.com/id?1024216
Third Party Advisory
Broken Link
VDB Entry
http://www.f-secure.com/weblog/archives/00001986.html
Not Applicable
http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf
Exploit
http://www.kb.cert.org/vuls/id/940193
Patch
Third Party Advisory
US Government Resource
http://www.microsoft.com/technet/security/advisory/2286198.mspx
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/41732
Third Party Advisory
Exploit
Broken Link
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564
Broken Link
https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568
US Government Resource