Vulnerability CVE-2010-2568 - CERT Civis.Net

Vulnerability Name:

CVE-2010-2568 (CCN-60422)

Assigned:

2010-07-15

Published:

2010-07-15

Updated:

2019-02-26

Summary:

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
Per: http://www.microsoft.com/technet/security/advisory/2286198.mspx

Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-046 to address this issue.

http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-2568

Source: MISC
Type: UNKNOWN
http://isc.sans.edu/diary.html?storyid=9181

Source: MISC
Type: UNKNOWN
http://isc.sans.edu/diary.html?storyid=9190

Source: CCN
Type: Krebs on Security Web site
Experts Warn of New Windows Shortcut Flaw

Source: MISC
Type: UNKNOWN
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/

Source: CCN
Type: SA40647
Microsoft Windows Shell Shortcut Parsing Vulnerability

Source: SECUNIA
Type: Vendor Advisory
40647

Source: CCN
Type: SECTRACK ID: 1024216
Microsoft Windows Shell LNK Shortcut Processing Flaw Lets Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1024216

Source: CCN
Type: Microsoft Security Bulletin MS12-048
Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)

Source: MISC
Type: UNKNOWN
http://www.f-secure.com/weblog/archives/00001986.html

Source: MISC
Type: Exploit
http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf

Source: CCN
Type: US-CERT VU#940193
Microsoft Windows automatically executes code specified in shortcut files

Source: CERT-VN
Type: Patch, US Government Resource
VU#940193

Source: CCN
Type: Microsoft Security Advisory (2286198)
Vulnerability in Windows Shell Could Allow Remote Code Execution

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.microsoft.com/technet/security/advisory/2286198.mspx

Source: CCN
Type: Microsoft Security Bulletin MS10-046
Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

Source: CCN
Type: Microsoft Security Bulletin MS11-006
Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)

Source: CCN
Type: Microsoft Web Site
Microsoft Windows

Source: BID
Type: Exploit
41732

Source: CCN
Type: BID-41732
Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability

Source: CERT
Type: US Government Resource
TA10-222A

Source: MS
Type: UNKNOWN
MS10-046

Source: XF
Type: UNKNOWN
ms-win-lnk-code-execution(60422)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11564

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-18-2010]

Source: MISC
Type: UNKNOWN
https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:-:gold:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:11564	V	Windows Shell Vulnerability	2012-03-26