CVE-2010-2568
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- June 30, 2010
- Published Date
- July 22, 2010
- Last Updated
- February 04, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
CVSS Scores
CVSS v3.1
7.8 - HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2022-09-15 00:00:00 UTC) Source
References
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
http://isc.sans.edu/diary.html?storyid=9181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564
http://www.f-secure.com/weblog/archives/00001986.html
http://www.kb.cert.org/vuls/id/940193
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/
http://secunia.com/advisories/40647
http://www.microsoft.com/technet/security/advisory/2286198.mspx
http://isc.sans.edu/diary.html?storyid=9190
http://www.securityfocus.com/bid/41732
http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf
https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm
http://securitytracker.com/id?1024216
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-09-15 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms10_046_shortcut_icon_dllloader.rb | 2025-04-29 11:01:44 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
ms10_046_shortcut_icon_dllloader
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-2568
ms10_046_shortcut_icon_dllloader
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-2568