Attacker Value

High

(1 user assessed)

Exploitability

Very High

(1 user assessed)

User Interaction

CVE-2010-2568

Disclosure Date: July 22, 2010 •

CVE-2010-2568 CVSS v3 Base Score: 7.8

Exploited in the Wild

Reported by mkienow-r7 and 1 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Collection

Techniques

Validation

Data from Local System

Validated

Data from Removable Media

Validated

Defense Evasion

Techniques

Validation

Rootkit

Validated

Obfuscated Files or Information

Validated

Masquerading: Space after Filename

Validated

Discovery

Techniques

Validation

Query Registry

Validated

Execution

Techniques

Validation

User Execution: Malicious Link

Validated

Exfiltration

Techniques

Validation

Automated Exfiltration

Validated

Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol

Validated

Exfiltration Over Physical Medium

Validated

Exfiltration Over Physical Medium: Exfiltration over USB

Validated

Impact

Techniques

Validation

System Shutdown/Reboot

Validated

Initial Access

Techniques

Validation

Hardware Additions

Validated

Persistence

Techniques

Validation

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Validated

Boot or Logon Autostart Execution: LSASS Driver

Validated

Privilege Escalation

Techniques

Validation

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Validated

Boot or Logon Autostart Execution: LSASS Driver

Validated

Metasploit Module

Microsoft Windows Shell LNK Code Execution

post/windows/gather/forensics/fanny_bmp_check

Description

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

Add Assessment

loneicewolf (4)

February 08, 2021 8:53pm UTC (3 years ago)•

Ratings

Attacker Value

High

Exploitability

Very High

Easy to weaponize Gives privileged access Vulnerable in default configuration Requires physical access Requires user interaction

Technical Analysis

Fanny.bmp

https://github.com/loneicewolf/fanny.bmp/blob/main/Reports/Fanny.BMP(DementiaWheel)_Technical_Report_By_WilliamMartens-2021-10Feb.pdf
Technical Write up: DONE. Finally, it’s available here for read
(and, please feedback! if you have any)
https://www.youtube.com/watch?v=Uto_lcD2f38 POC video for windows xp SP3
Sample:(GitHub) https://github.com/loneicewolf/fanny.bmp

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

microsoft

Products

windows 7 -,
windows server 2003 -,
windows server 2008 -,
windows server 2008 r2,
windows vista -,
windows xp -

Metasploit Modules

Microsoft Windows Shell LNK Code Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb)

Microsoft Windows Shell LNK Code Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms10_046_shortcut_icon_dllloader.rb)

post/windows/gather/forensics/fanny_bmp_check (https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/forensics/fanny_bmp_check.rb)

Exploited in the Wild

Reported by:

mkienow-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: September 16, 2022 7:14pm UTC (2 years ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2022/09/15/cisa-adds-six-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:22am UTC (1 week ago)

References

Rapid7

High

CVE-2010-2568

High

Very High

Required

None

Local

CVE-2010-2568

Description

Add Assessment

Ratings

Technical Analysis

Fanny.bmp

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

High

CVE-2010-2568

High

Very High

Required

None

Local

CVE-2010-2568

Description

Add Assessment

Ratings

Technical Analysis

Fanny.bmp

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification