CVE-2010-2568
published 2010-07-22

Priority: P190 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability (due 2022-10-06)
Exploited in the wild
EPSS: 91.32% (99.8th percentile)
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

Affected

7 ranges
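| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | | |
| siemens | simatic_pcs_7 | | |
| siemens | simatic_pcs_7 | | |
| siemens | simatic_pcs_7 | | |
| siemens | simatic_pcs_7 | | |
| siemens | simatic_wincc | | |
| siemens | simatic_wincc | | |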

Detection & IOCs (extracted from sources)

url: http://research.zscaler.com/2010/07/lnk-cve-2010-2568-stuxnet-incident.html
  • CVE-2010-2568 exploits remained the #1 most-used exploit by number of users attacked as late as 2016, despite a patch being available since 2010. Prioritize detection on unpatched Windows XP, Vista, 7, Server 2003, and Server 2008 systems.
  • CVE-2015-0096 is a related follow-on vulnerability to CVE-2010-2568 (original Stuxnet .lnk bug); patched in MS15-020. Correlate detections for both CVEs when hunting for Stuxnet-lineage activity.

CVSS provenance

nvd · v3.1 · 7.8 · HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck · 7.8 · HIGH
cisa · 7.8 · HIGH