7.8 CVE-2010-2568

CISA KEV Catalog | Used by Malware | Patch | Exploit
  

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
https://nvd.nist.gov/vuln/detail/CVE-2010-2568

Categories

CWE-NVD-noinfo

References

af854a3a-2127-422b-91ae-364da2661108 Patch Exploit

http://isc.sans.edu/diary.html?storyid=9181
Exploit Issue Tracking
http://isc.sans.edu/diary.html?storyid=9190
Issue Tracking
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/
Press/Media Coverage
http://secunia.com/advisories/40647
Vendor Advisory
http://securitytracker.com/id?1024216
Broken Link Third Party Advisory VDB Entry
http://www.f-secure.com/weblog/archives/00001986.html
Not Applicable
http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf
Exploit
http://www.kb.cert.org/vuls/id/940193
Patch Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/advisory/2286198.mspx
Patch Vendor Advisory Broken Link
http://www.securityfocus.com/bid/41732
Broken Link Exploit Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Third Party Advisory US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10...
Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
Broken Link
https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm
Third Party Advisory

secure@microsoft.com Patch Exploit

Same references and tags as listed above for af854a3a-2127-422b-91ae-364da2661108.


 

CPE

cpe start end
Configuration 1
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*


REMEDIATION


Patch

Url
http://www.kb.cert.org/vuls/id/940193
http://www.microsoft.com/technet/security/advisory/2286198.mspx
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10...


EXPLOITS


Exploit-db.com

id description date
16574 Microsoft Windows - Shell LNK Code Execution (MS10-046) (Metasploit) 2010-09-21

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
http://isc.sans.edu/diary.html?storyid=9181
http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf
http://www.securityfocus.com/bid/41732


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry