Vulnerability in N/a
CVE-2010-2568
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which i…
EPSS: 0.921 (99.7th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- TA10-222A (x_refsource_CERT, third-party-advisory)
- isc.sans.edu/diary.html (x_refsource_MISC)
- oval:org.mitre.oval:def:11564 (x_refsource_OVAL, signature, vdb-entry)
- www.f-secure.com/weblog/archives/00001986.html (x_refsource_MISC)
- VU#940193 (x_refsource_CERT-VN, third-party-advisory)
- krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/ (x_refsource_MISC)
- 40647 (x_refsource_SECUNIA, third-party-advisory)
- www.microsoft.com/technet/security/advisory/2286198.mspx (x_refsource_CONFIRM)
- isc.sans.edu/diary.html (x_refsource_MISC)
- 41732 (vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2010-2568?
- CVE-2010-2568 is a vulnerability in N/a. Published 2010-07-22.
- Is CVE-2010-2568 known to be exploited?
- Yes. CVE-2010-2568 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-09-15), indicating it is being actively exploited. 26 public proof-of-concept repositories are indexed.