Attacker Value
High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2010-2568

Disclosure Date: July 22, 2010
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Collection
Techniques
Validation
Validated
Validated
Defense Evasion
Techniques
Validation
Validated
Validated
Validated
Discovery
Techniques
Validation
Validated
Execution
Techniques
Validation
Validated
Exfiltration
Techniques
Validation
Validated
Validated
Validated
Validated
Impact
Techniques
Validation
Validated
Initial Access
Techniques
Validation
Validated
Persistence
Techniques
Validation
Validated
Validated
Privilege Escalation
Techniques
Validation
Validated
Validated

Description

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

General Information

Technical Analysis