High severity7.8CISA KEVNVD Advisory· Published Jul 22, 2010· Updated Jun 16, 2026
CVE-2010-2568
CVE-2010-2568
Description
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
15- www.kb.cert.org/vuls/id/940193nvdPatchThird Party AdvisoryUS Government Resource
- www.microsoft.com/technet/security/advisory/2286198.mspxnvdBroken LinkPatchVendor Advisory
- docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046nvdPatchVendor Advisory
- isc.sans.edu/diary.htmlnvdExploitIssue Tracking
- www.f-secure.com/weblog/archives/new_rootkit_en.pdfnvdExploit
- www.securityfocus.com/bid/41732nvdBroken LinkExploitThird Party AdvisoryVDB Entry
- secunia.com/advisories/40647nvdVendor Advisory
- securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA10-222A.htmlnvdThird Party AdvisoryUS Government Resource
- www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htmnvdThird Party Advisory
- isc.sans.edu/diary.htmlnvdIssue Tracking
- krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/nvdPress/Media Coverage
- www.f-secure.com/weblog/archives/00001986.htmlnvdNot Applicable
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564nvdBroken Link
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.