PT-2010-1167 · Microsoft +1 · Windows Shell +3

Andreas Marx +6 · Published 2010-07-22 · Updated 2025-08-15 · CVE-2010-2568

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7

Description

The issue is caused by errors in processing files with the .LNK (or .PIF) extension. A remote attacker can exploit it to execute arbitrary code using a specially crafted .LNK (or .PIF) file. This occurs when Windows Explorer improperly handles icon display for such files. The issue has been demonstrated in the wild and was originally reported for malware leveraging vulnerabilities in Siemens WinCC SCADA systems. An estimated number of affected devices is not provided, but the issue has been observed in real-world incidents. Technically, the flaw is in Windows Shell in Microsoft Windows, which does not properly handle a crafted (1) .LNK or (2) .PIF shortcut file during icon display.

Recommendations

For Microsoft Windows versions XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7, apply the update that addresses the vulnerability previously discussed in Microsoft Security Advisory 2286198. The update prevents arbitrary code execution when the operating system displays the icon of a malicious shortcut file. As a temporary workaround, consider restricting access to .LNK and .PIF files to minimize the risk of exploitation until a patch is available.

Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

BDU:2021-04410
CVE-2010-2568

Affected Products

WinCC SCADA
Windows
Windows Explorer
Windows Shell