CVE-2010-2568 (GCVE-0-2010-2568)

Vulnerability from cvelistv5 – Published: 2010-07-22 10:00 – Updated: 2025-10-22 00:05
VLAI? CISA
Summary
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE
  • n/a
Assigner
References
CISA Known Exploited Vulnerability
Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-09-15

Due date: 2022-10-06

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568

Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:36.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA10-222A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.edu/diary.html?storyid=9181"
          },
          {
            "name": "oval:org.mitre.oval:def:11564",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/weblog/archives/00001986.html"
          },
          {
            "name": "VU#940193",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/940193"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
          },
          {
            "name": "40647",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40647"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.edu/diary.html?storyid=9190"
          },
          {
            "name": "41732",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41732"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
          },
          {
            "name": "1024216",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024216"
          },
          {
            "name": "MS10-046",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2010-2568",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-01T03:55:13.211673Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-09-15",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:52.095Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-09-15T00:00:00+00:00",
            "value": "CVE-2010-2568 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA10-222A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.edu/diary.html?storyid=9181"
        },
        {
          "name": "oval:org.mitre.oval:def:11564",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.f-secure.com/weblog/archives/00001986.html"
        },
        {
          "name": "VU#940193",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/940193"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
        },
        {
          "name": "40647",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40647"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.edu/diary.html?storyid=9190"
        },
        {
          "name": "41732",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41732"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
        },
        {
          "name": "1024216",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024216"
        },
        {
          "name": "MS10-046",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-2568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA10-222A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
            },
            {
              "name": "http://isc.sans.edu/diary.html?storyid=9181",
              "refsource": "MISC",
              "url": "http://isc.sans.edu/diary.html?storyid=9181"
            },
            {
              "name": "oval:org.mitre.oval:def:11564",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
            },
            {
              "name": "http://www.f-secure.com/weblog/archives/00001986.html",
              "refsource": "MISC",
              "url": "http://www.f-secure.com/weblog/archives/00001986.html"
            },
            {
              "name": "VU#940193",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/940193"
            },
            {
              "name": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/",
              "refsource": "MISC",
              "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
            },
            {
              "name": "40647",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40647"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2286198.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
            },
            {
              "name": "http://isc.sans.edu/diary.html?storyid=9190",
              "refsource": "MISC",
              "url": "http://isc.sans.edu/diary.html?storyid=9190"
            },
            {
              "name": "41732",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/41732"
            },
            {
              "name": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf",
              "refsource": "MISC",
              "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
            },
            {
              "name": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm",
              "refsource": "MISC",
              "url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
            },
            {
              "name": "1024216",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1024216"
            },
            {
              "name": "MS10-046",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-2568",
    "datePublished": "2010-07-22T10:00:00.000Z",
    "dateReserved": "2010-06-30T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:52.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2010-2568",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2022-09-15",
      "dueDate": "2022-10-06",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568",
      "product": "Windows",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-10-06",
      "cisaExploitAdd": "2022-09-15",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E33796DB-4523-4F04-B564-ADF030553D51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2EE0AD3-2ADC-480E-B03E-06962EC4F095\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*\", \"matchCriteriaId\": \"B20DD263-5A62-4CB1-BD47-D1F9A6C67E08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"B7674920-AE12-4A25-BE57-34AEDDA74D76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*\", \"matchCriteriaId\": \"C6109348-BC79-4ED3-8D41-EA546A540C79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.\"}, {\"lang\": \"es\", \"value\": \"Shell de Windows en Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 SP2 y R2, y Windows 7 permite a usuarios locales o atacantes remotos ejecutar codigo a su elecci\\u00f3n a traves de un fichero de acceso directo (1) .LNK o (2) .PIF manipulado, el cual no es manejado adecuadamente mientras se muestra el icono en el Explorador de Windows, tal y como se demostro  en Julio de 2010, originalmene referenciado por malware que aprovecha CVE-2010-2772 en los sistemas Siemens WinCC SCADA.\"}]",
      "evaluatorSolution": "Per: http://www.microsoft.com/technet/security/advisory/2286198.mspx\r\n\r\nMicrosoft has completed the investigation into a public report of this vulnerability. We have issued MS10-046 to address this issue.\r\n\r\nhttp://www.microsoft.com/technet/security/bulletin/MS10-046.mspx",
      "id": "CVE-2010-2568",
      "lastModified": "2024-12-19T17:52:28.123",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-07-22T05:43:49.703",
      "references": "[{\"url\": \"http://isc.sans.edu/diary.html?storyid=9181\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://isc.sans.edu/diary.html?storyid=9190\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"http://secunia.com/advisories/40647\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1024216\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.f-secure.com/weblog/archives/00001986.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/940193\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/2286198.mspx\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/41732\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\", \"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://isc.sans.edu/diary.html?storyid=9181\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://isc.sans.edu/diary.html?storyid=9190\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"http://secunia.com/advisories/40647\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1024216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.f-secure.com/weblog/archives/00001986.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/940193\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/2286198.mspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/41732\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2568\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2010-07-22T05:43:49.703\",\"lastModified\":\"2025-10-22T01:15:36.973\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.\"},{\"lang\":\"es\",\"value\":\"Shell de Windows en Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 SP2 y R2, y Windows 7 permite a usuarios locales o atacantes remotos ejecutar codigo a su elecci\u00f3n a traves de un fichero de acceso directo (1) .LNK o (2) .PIF manipulado, el cual no es manejado adecuadamente mientras se muestra el icono en el Explorador de Windows, tal y como se demostro  en Julio de 2010, originalmene referenciado por malware que aprovecha CVE-2010-2772 en los sistemas Siemens WinCC SCADA.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-09-15\",\"cisaActionDue\":\"2022-10-06\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Windows Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33796DB-4523-4F04-B564-ADF030553D51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2EE0AD3-2ADC-480E-B03E-06962EC4F095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"B20DD263-5A62-4CB1-BD47-D1F9A6C67E08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"B7674920-AE12-4A25-BE57-34AEDDA74D76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*\",\"matchCriteriaId\":\"C6109348-BC79-4ED3-8D41-EA546A540C79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}],\"references\":[{\"url\":\"http://isc.sans.edu/diary.html?storyid=9181\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"http://isc.sans.edu/diary.html?storyid=9190\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"http://secunia.com/advisories/40647\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1024216\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.f-secure.com/weblog/archives/00001986.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/940193\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2286198.mspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/41732\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://isc.sans.edu/diary.html?storyid=9181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"http://isc.sans.edu/diary.html?storyid=9190\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"http://secunia.com/advisories/40647\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1024216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.f-secure.com/weblog/archives/00001986.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/940193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2286198.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/41732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}],\"evaluatorSolution\":\"Per: http://www.microsoft.com/technet/security/advisory/2286198.mspx\\r\\n\\r\\nMicrosoft has completed the investigation into a public report of this vulnerability. We have issued MS10-046 to address this issue.\\r\\n\\r\\nhttp://www.microsoft.com/technet/security/bulletin/MS10-046.mspx\"}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"n/a\", \"vendor\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2010-07-16T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"n/a\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2018-10-12T19:57:01.000Z\", \"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\"}, \"references\": [{\"name\": \"TA10-222A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"], \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"http://isc.sans.edu/diary.html?storyid=9181\"}, {\"name\": \"oval:org.mitre.oval:def:11564\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"], \"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"http://www.f-secure.com/weblog/archives/00001986.html\"}, {\"name\": \"VU#940193\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"], \"url\": \"http://www.kb.cert.org/vuls/id/940193\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\"}, {\"name\": \"40647\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"], \"url\": \"http://secunia.com/advisories/40647\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"http://www.microsoft.com/technet/security/advisory/2286198.mspx\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"http://isc.sans.edu/diary.html?storyid=9190\"}, {\"name\": \"41732\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"], \"url\": \"http://www.securityfocus.com/bid/41732\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\"}, {\"name\": \"1024216\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"], \"url\": \"http://securitytracker.com/id?1024216\"}, {\"name\": \"MS10-046\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"], \"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"secure@microsoft.com\", \"ID\": \"CVE-2010-2568\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"n/a\", \"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}}]}, \"vendor_name\": \"n/a\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"TA10-222A\", \"refsource\": \"CERT\", \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\"}, {\"name\": \"http://isc.sans.edu/diary.html?storyid=9181\", \"refsource\": \"MISC\", \"url\": \"http://isc.sans.edu/diary.html?storyid=9181\"}, {\"name\": \"oval:org.mitre.oval:def:11564\", \"refsource\": \"OVAL\", \"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\"}, {\"name\": \"http://www.f-secure.com/weblog/archives/00001986.html\", \"refsource\": \"MISC\", \"url\": \"http://www.f-secure.com/weblog/archives/00001986.html\"}, {\"name\": \"VU#940193\", \"refsource\": \"CERT-VN\", \"url\": \"http://www.kb.cert.org/vuls/id/940193\"}, {\"name\": \"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\", \"refsource\": \"MISC\", \"url\": \"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\"}, {\"name\": \"40647\", \"refsource\": \"SECUNIA\", \"url\": \"http://secunia.com/advisories/40647\"}, {\"name\": \"http://www.microsoft.com/technet/security/advisory/2286198.mspx\", \"refsource\": \"CONFIRM\", \"url\": \"http://www.microsoft.com/technet/security/advisory/2286198.mspx\"}, {\"name\": \"http://isc.sans.edu/diary.html?storyid=9190\", \"refsource\": \"MISC\", \"url\": \"http://isc.sans.edu/diary.html?storyid=9190\"}, {\"name\": \"41732\", \"refsource\": \"BID\", \"url\": \"http://www.securityfocus.com/bid/41732\"}, {\"name\": \"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\", \"refsource\": \"MISC\", \"url\": \"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\"}, {\"name\": \"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\", \"refsource\": \"MISC\", \"url\": \"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\"}, {\"name\": \"1024216\", \"refsource\": \"SECTRACK\", \"url\": \"http://securitytracker.com/id?1024216\"}, {\"name\": \"MS10-046\", \"refsource\": \"MS\", \"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T02:39:36.528Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"TA10-222A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"], \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"http://isc.sans.edu/diary.html?storyid=9181\"}, {\"name\": \"oval:org.mitre.oval:def:11564\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"], \"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"http://www.f-secure.com/weblog/archives/00001986.html\"}, {\"name\": \"VU#940193\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"], \"url\": \"http://www.kb.cert.org/vuls/id/940193\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/\"}, {\"name\": \"40647\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"], \"url\": \"http://secunia.com/advisories/40647\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"http://www.microsoft.com/technet/security/advisory/2286198.mspx\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"http://isc.sans.edu/diary.html?storyid=9190\"}, {\"name\": \"41732\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"], \"url\": \"http://www.securityfocus.com/bid/41732\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm\"}, {\"name\": \"1024216\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"], \"url\": \"http://securitytracker.com/id?1024216\"}, {\"name\": \"MS10-046\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"], \"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046\"}]}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2010-2568\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-01T03:55:13.211673Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-09-15\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2568\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:19:06.617Z\"}, \"timeline\": [{\"time\": \"2022-09-15T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2010-2568 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"assignerShortName\": \"microsoft\", \"cveId\": \"CVE-2010-2568\", \"datePublished\": \"2010-07-22T10:00:00.000Z\", \"dateReserved\": \"2010-06-30T00:00:00.000Z\", \"dateUpdated\": \"2025-10-21T20:04:24.132Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.