Attacker Value
High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2010-2568

Disclosure Date: July 22, 2010
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Collection
Techniques
Validation
Validated
Validated
Defense Evasion
Techniques
Validation
Validated
Validated
Validated
Discovery
Techniques
Validation
Validated
Execution
Techniques
Validation
Validated
Exfiltration
Techniques
Validation
Validated
Validated
Validated
Validated
Impact
Techniques
Validation
Validated
Initial Access
Techniques
Validation
Validated
Persistence
Techniques
Validation
Validated
Validated
Privilege Escalation
Techniques
Validation
Validated
Validated

Description

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • microsoft

Products

  • windows 2003 server,
  • windows 7 -,
  • windows server 2003,
  • windows server 2008,
  • windows server 2008 -,
  • windows server 2008 r2,
  • windows vista,
  • windows vista -,
  • windows xp,
  • windows xp -

Exploited in the Wild

Reported by:
Technical Analysis