8.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
isc.sans.edu/diary.html?storyid=9181
isc.sans.edu/diary.html?storyid=9190
krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/
secunia.com/advisories/40647
securitytracker.com/id?1024216
www.f-secure.com/weblog/archives/00001986.html
www.f-secure.com/weblog/archives/new_rootkit_en.pdf
www.kb.cert.org/vuls/id/940193
www.microsoft.com/technet/security/advisory/2286198.mspx
www.securityfocus.com/bid/41732
www.us-cert.gov/cas/techalerts/TA10-222A.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564
www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm
More