Vulnerabilities > CVE-2010-2568 - Unspecified vulnerability in Microsoft products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
microsoft
nessus
exploit available
metasploit

Summary

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

Exploit-Db

  • descriptionMicrosoft Windows Automatic LNK Shortcut File Code Execution. CVE-2010-2568,CVE-2015-0096. Local exploit for windows platform
    idEDB-ID:14403
    last seen2016-02-01
    modified2010-07-18
    published2010-07-18
    reporterIvanlef0u
    sourcehttps://www.exploit-db.com/download/14403/
    titleMicrosoft Windows - Automatic LNK Shortcut File Code Execution
  • descriptionMicrosoft Windows Shell LNK Code Execution. CVE-2010-2568. Remote exploit for windows platform
    idEDB-ID:16574
    last seen2016-02-02
    modified2010-09-21
    published2010-09-21
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16574/
    titleMicrosoft Windows Shell LNK Code Execution

Metasploit

Msbulletin

bulletin_idMS10-046
bulletin_url
date2010-08-02T00:00:00
impactRemote Code Execution
knowledgebase_id2286198
knowledgebase_url
severityCritical
titleVulnerability in Windows Shell Could Allow Remote Code Execution

Nessus

  • NASL familyWindows
    NASL idSMB_KB_2286198.NASL
    descriptionWindows Shell does not properly validate the parameters of a shortcut file when loading its icon. Attempting to parse the icon of a specially crafted shortcut file can result in arbitrary code execution. A remote attacker could exploit this by tricking a user into viewing a malicious shortcut file via Windows Explorer, or any other application that parses the shortcut
    last seen2020-06-01
    modified2020-06-02
    plugin id47750
    published2010-07-18
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47750
    titleMS KB2286198: Windows Shell Shortcut Icon Parsing Arbitrary Code Execution (EASYHOOKUP)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS10-046.NASL
    descriptionThe remote windows host contains a version of the Windows Shell that contains a vulnerability in the way it handles shortcut icons. An attacker, exploiting this flaw, can execute arbitrary commands on the remote host subject to the privileges of the user opening the shortcut. EASYHOOKUP is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
    last seen2020-06-01
    modified2020-06-02
    plugin id48216
    published2010-08-02
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48216
    titleMS10-046: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) (EASYHOOKUP)

Oval

accepted2012-03-26T04:00:07.602-04:00
classvulnerability
contributors
  • nameJosh Turpin
    organizationSymantec Corporation
  • nameDragos Prisaca
    organizationSymantec Corporation
  • nameJosh Turpin
    organizationSymantec Corporation
  • nameJ. Daniel Brown
    organizationDTCC
  • nameDragos Prisaca
    organizationSymantec Corporation
definition_extensions
  • commentMicrosoft Windows XP (x86) SP3 is installed
    ovaloval:org.mitre.oval:def:5631
  • commentMicrosoft Windows XP x64 Edition SP2 is installed
    ovaloval:org.mitre.oval:def:4193
  • commentMicrosoft Windows Server 2003 SP2 (x86) is installed
    ovaloval:org.mitre.oval:def:1935
  • commentMicrosoft Windows Server 2003 SP2 (x64) is installed
    ovaloval:org.mitre.oval:def:2161
  • commentMicrosoft Windows Server 2003 (ia64) SP2 is installed
    ovaloval:org.mitre.oval:def:1442
  • commentMicrosoft Windows Vista (32-bit) Service Pack 1 is installed
    ovaloval:org.mitre.oval:def:4873
  • commentMicrosoft Windows Vista x64 Edition Service Pack 1 is installed
    ovaloval:org.mitre.oval:def:5254
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
  • commentMicrosoft Windows Vista (32-bit) Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:6124
  • commentMicrosoft Windows Vista x64 Edition Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:5594
  • commentMicrosoft Windows Server 2008 (32-bit) Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:5653
  • commentMicrosoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:6216
  • commentMicrosoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:6150
  • commentMicrosoft Windows 7 (32-bit) is installed
    ovaloval:org.mitre.oval:def:6165
  • commentMicrosoft Windows 7 x64 Edition is installed
    ovaloval:org.mitre.oval:def:5950
  • commentMicrosoft Windows Server 2008 R2 x64 Edition is installed
    ovaloval:org.mitre.oval:def:6438
  • commentMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installed
    ovaloval:org.mitre.oval:def:5954
descriptionWindows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
familywindows
idoval:org.mitre.oval:def:11564
statusaccepted
submitted2010-07-19T13:00:00
titleWindows Shell Vulnerability
version78

Packetstorm

Saint

bid41732
descriptionWindows Shell LNK file CONTROL item command execution
idwin_patch_shellshortcut
osvdb66387
titlewindows_shell_lnk_control
typeclient

References