CVE-2010-2568
Scores
EPSS
Percentile: 93.9%
CVSS
CVSS Score: 7.8/10
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector Breakdown
The CVSS (Common Vulnerability Scoring System) vector provides detailed metrics about vulnerability characteristics.
Attack Vector: Local (L). Describes how the vulnerability is exploited.
Attack Complexity: Low (L). Describes the conditions beyond the attacker's control.
Privileges Required: None (N). Describes the level of privileges an attacker must possess.
User Interaction: Required (R). Captures the requirement for a human user participation.
Scope: Unchanged (U). Determines if a successful attack impacts components beyond the vulnerable component.
Confidentiality Impact: High (H). Measures the impact to the confidentiality of information.
Integrity Impact: High (H). Measures the impact to integrity of a successfully exploited vulnerability.
Availability Impact: High (H). Measures the impact to the availability of the impacted component.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Vector Breakdown
Attack Vector: Network (N). Describes how the vulnerability is exploited.
Attack Complexity: Medium. Describes the conditions beyond the attacker's control.
Authentication: None (N). Describes the level of privileges an attacker must possess.
Confidentiality Impact: Complete. Measures the impact to the confidentiality of information.
Integrity Impact: Complete. Measures the impact to integrity of a successfully exploited vulnerability.
Availability Impact: Complete. Measures the impact to the availability of the impacted component.
Description
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
Exploits
Exploit ID: CVE-2010-2568
Source: cisa
URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Recommendations
Source: nvd
Apply an update
This issue is addressed in Microsoft Security Bulletin MS10-046. Also consider the following workarounds:

Disable the displaying of icons for shortcuts
According to Microsoft Security Advisory 2286198:
Note: See Microsoft Knowledge Base Article 2286198 to use the automated Microsoft Fix it solution to enable or disable this workaround.
Note: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the “Changing Keys And Values” Help topic in Registry Editor (Regedit.exe) or view the “Add and Delete Information in the Registry” and “Edit Registry Data” Help topics in Regedt32.exe.
1. Click Start, click Run, type Regedit in the Open box, and then click OK.
2. Locate and then click the following registry key: HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler
3. Click the File menu and select Export.
4. In the Export Registry File dialog box, enter LNK_Icon_Backup.reg and click Save. Note: This will create a backup of this registry key in the My Documents folder by default.
5. Select the value (Default) on the right hand window in the Registry Editor. Press Enter to edit the value of the key. Remove the value, so that the value is blank, and press Enter.
6. Locate and then click the following registry key: HKEY_CLASSES_ROOT\piffile\shellex\IconHandler
7. Click the File menu and select Export.
8. In the Export Registry File dialog box, enter PIF_Icon_Backup.reg and click Save. Note: This will create a backup of this registry key in the My Documents folder by default.
9. Select the value (Default) on the right hand window in the Registry Editor. Press Enter to edit the value of the key. Remove the value, so that the value is blank, and press Enter.
10. Log all users off and on again, or restart the computer.
Note that this mitigation may prevent Windows shortcuts from displaying some icons.

Disable AutoRun
Disabling AutoRun can increase the amount of user interaction that is required to trigger this vulnerability. It will not block the vulnerability, however. Please see Microsoft Support article 967715 for more details. Setting the NoDriveTypeAutoRun registry entry to 0xFF should provide the highest amount of protection.

Use least privilege
Use “least privilege” approach to user accounts. By reducing the privileges of the user accounts, the impact of this and other vulnerabilities may be reduced. More information about this technique is available in the Microsoft TechNet article Applying the Principle of Least Privilege to User Accounts on Windows XP. Note that these concepts still apply to Windows Vista and newer operating systems.

Disable the WebClient service
According to Microsoft Security Advisory 2286198:
Disabling the WebClient service helps protect affected systems from attempts to exploit this vulnerability by blocking the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service. After applying this workaround, it will still be possible for remote attackers who successfully exploited this vulnerability to cause Microsoft Office Outlook to run programs located on the targeted user’s computer or the Local Area Network (LAN), but users will be prompted for confirmation before opening arbitrary programs from the Internet.
To disable the WebClient Service, follow these steps:
1. Click Start, click Run, type Services.msc and then click OK.
2. Right-click WebClient service and select Properties.
3. Change the Startup type to Disabled. If the service is running, click Stop.
4. Click OK and exit the management application.

Block outgoing SMB traffic
Block outgoing connections on ports 139/tcp, 139/udp, 445/tcp, and 445/udp at your network perimeter. Doing so will help prevent machines on the local network from connecting to SMB servers on the internet. While this does not remove the vulnerability, it does block an attack vector for this vulnerability.

Use a web browser other than Internet Explorer
Internet Explorer is very closely integrated with the Microsoft Windows operating system. Because of this, Internet Explorer can often be used as an attack vector for vulnerabilities in the Microsoft Windows operating system. In this case, Internet Explorer can be used to trigger the vulnerability with no user interaction required beyond visiting a malicious or compromised website. Other browsers appear to require additional user interaction.
Vulnerable Software (5)
Type: Configuration
Vendor: microsoft
Product: windows_7
Operating System: * * *
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
"vulnerable": true
}
],
"operator": "OR"
}
Source: nvd
Type: Configuration
Vendor: microsoft
Product: windows_server_2003
Operating System: * * *
Source: nvd
Type: Configuration
Vendor: microsoft
Product: windows_server_2008
Operating System: * * *
Source: nvd
Type: Configuration
Vendor: microsoft
Product: windows_vista
Operating System: * * *
Source: nvd
Type: Configuration
Vendor: microsoft
Product: windows_xp
Operating System: * * *
Source: nvd