CVE-2010-2568
Vulnerability from cvelistv5
Published
2010-07-22 10:00
Modified
2024-08-07 02:39
Severity ?
Summary
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
References
secure@microsoft.comhttp://isc.sans.edu/diary.html?storyid=9181Broken Link
secure@microsoft.comhttp://isc.sans.edu/diary.html?storyid=9190Broken Link
secure@microsoft.comhttp://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/Press/Media Coverage
secure@microsoft.comhttp://secunia.com/advisories/40647Broken Link, Vendor Advisory
secure@microsoft.comhttp://securitytracker.com/id?1024216Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.f-secure.com/weblog/archives/00001986.htmlNot Applicable
secure@microsoft.comhttp://www.f-secure.com/weblog/archives/new_rootkit_en.pdfExploit
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/940193Patch, Third Party Advisory, US Government Resource
secure@microsoft.comhttp://www.microsoft.com/technet/security/advisory/2286198.mspxPatch, Vendor Advisory
secure@microsoft.comhttp://www.securityfocus.com/bid/41732Broken Link, Exploit, Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA10-222A.htmlThird Party Advisory, US Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046Patch, Vendor Advisory
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564Broken Link
secure@microsoft.comhttps://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htmThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://isc.sans.edu/diary.html?storyid=9181Broken Link
af854a3a-2127-422b-91ae-364da2661108http://isc.sans.edu/diary.html?storyid=9190Broken Link
af854a3a-2127-422b-91ae-364da2661108http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40647Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1024216Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.f-secure.com/weblog/archives/00001986.htmlNot Applicable
af854a3a-2127-422b-91ae-364da2661108http://www.f-secure.com/weblog/archives/new_rootkit_en.pdfExploit
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/940193Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.microsoft.com/technet/security/advisory/2286198.mspxPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/41732Broken Link, Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA10-222A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564Broken Link
af854a3a-2127-422b-91ae-364da2661108https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htmThird Party Advisory
Impacted products
Vendor Product Version
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2022-09-15

Due date: 2022-10-06

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:36.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA10-222A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.edu/diary.html?storyid=9181"
          },
          {
            "name": "oval:org.mitre.oval:def:11564",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/weblog/archives/00001986.html"
          },
          {
            "name": "VU#940193",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/940193"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
          },
          {
            "name": "40647",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40647"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.edu/diary.html?storyid=9190"
          },
          {
            "name": "41732",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41732"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
          },
          {
            "name": "1024216",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024216"
          },
          {
            "name": "MS10-046",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA10-222A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.edu/diary.html?storyid=9181"
        },
        {
          "name": "oval:org.mitre.oval:def:11564",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.f-secure.com/weblog/archives/00001986.html"
        },
        {
          "name": "VU#940193",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/940193"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
        },
        {
          "name": "40647",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40647"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.edu/diary.html?storyid=9190"
        },
        {
          "name": "41732",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41732"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
        },
        {
          "name": "1024216",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024216"
        },
        {
          "name": "MS10-046",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-2568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA10-222A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
            },
            {
              "name": "http://isc.sans.edu/diary.html?storyid=9181",
              "refsource": "MISC",
              "url": "http://isc.sans.edu/diary.html?storyid=9181"
            },
            {
              "name": "oval:org.mitre.oval:def:11564",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
            },
            {
              "name": "http://www.f-secure.com/weblog/archives/00001986.html",
              "refsource": "MISC",
              "url": "http://www.f-secure.com/weblog/archives/00001986.html"
            },
            {
              "name": "VU#940193",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/940193"
            },
            {
              "name": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/",
              "refsource": "MISC",
              "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
            },
            {
              "name": "40647",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40647"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2286198.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
            },
            {
              "name": "http://isc.sans.edu/diary.html?storyid=9190",
              "refsource": "MISC",
              "url": "http://isc.sans.edu/diary.html?storyid=9190"
            },
            {
              "name": "41732",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/41732"
            },
            {
              "name": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf",
              "refsource": "MISC",
              "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
            },
            {
              "name": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm",
              "refsource": "MISC",
              "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
            },
            {
              "name": "1024216",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1024216"
            },
            {
              "name": "MS10-046",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-2568",
    "datePublished": "2010-07-22T10:00:00",
    "dateReserved": "2010-06-30T00:00:00",
    "dateUpdated": "2024-08-07T02:39:36.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2010-2568",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2022-09-15",
      "dueDate": "2022-10-06",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568",
      "product": "Windows",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2568\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2010-07-22T05:43:49.703\",\"lastModified\":\"2024-12-19T17:52:28.123\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.\"},{\"lang\":\"es\",\"value\":\"Shell de Windows en Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 SP2 y R2, y Windows 7 permite a usuarios locales o atacantes remotos ejecutar codigo a su elecci\u00f3n a traves de un fichero de acceso directo (1) .LNK o (2) .PIF manipulado, el cual no es manejado adecuadamente mientras se muestra el icono en el Explorador de Windows, tal y como se demostro  en Julio de 2010, originalmene referenciado por malware que aprovecha CVE-2010-2772 en los sistemas Siemens WinCC SCADA.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-09-15\",\"cisaActionDue\":\"2022-10-06\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Windows Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33796DB-4523-4F04-B564-ADF030553D51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2EE0AD3-2ADC-480E-B03E-06962EC4F095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"B20DD263-5A62-4CB1-BD47-D1F9A6C67E08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"B7674920-AE12-4A25-BE57-34AEDDA74D76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*\",\"matchCriteriaId\":\"C6109348-BC79-4ED3-8D41-EA546A540C79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}],\"references\":[{\"url\":\"http://isc.sans.edu/diary.html?storyid=9181\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://isc.sans.edu/diary.html?storyid=9190\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"http://secunia.com/advisories/40647\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1024216\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.f-secure.com/weblog/archives/00001986.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/940193\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2286198.mspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/41732\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://isc.sans.edu/diary.html?storyid=9181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://isc.sans.edu/diary.html?storyid=9190\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"http://secunia.com/advisories/40647\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1024216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.f-secure.com/weblog/archives/00001986.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/940193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2286198.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/41732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}],\"evaluatorSolution\":\"Per: http://www.microsoft.com/technet/security/advisory/2286198.mspx\\r\\n\\r\\nMicrosoft has completed the investigation into a public report of this vulnerability. We have issued MS10-046 to address this issue.\\r\\n\\r\\nhttp://www.microsoft.com/technet/security/bulletin/MS10-046.mspx\"}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.