Microsoft Windows Shell LNK Shortcut Processing Flaw Lets Users Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: OS (Microsoft) > Windows Shell

Vendors: Microsoft

Microsoft Windows Shell LNK Shortcut Processing Flaw Lets Users Execute Arbitrary Code

SecurityTracker Alert ID: 1024216

SecurityTracker URL: http://securitytracker.com/id/1024216

CVE Reference: CVE-2010-2568 (Links to External Site)

Updated: Aug 2 2010

Original Entry Date: Jul 16 2010

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2003 SP2, XP SP3, Vista SP2, 2008 SP2, 7, 2008 R2

Description: A vulnerability was reported in Microsoft Windows Shell. A remote user can cause arbitrary code to be executed on the target user's system in certain cases.

A remote user can create specially crafted LNK (shortcut) file that, when the link icon is viewed by the target user, will automatically execute arbitrary code on the target system.

This can be exploited via USB storage devices to cause automatic code execution when the USB device directory is viewed via Microsoft Explorer or other file managers. This can also be exploited via a web site, remote share, or certain types of documents.

This vulnerability is being actively exploited.

Sergey I. Ulasen and Uleg Kopreev of VirusBlokAda reported this vulnerability. Andreas Marx and Maik Morgenstern of AV-Test reported this vulnerability.

The original advisory is available at:

http://anti-virus.by/en/tempo.shtml

Impact: A remote user can create a shortcut file with an icon that, when viewed by the target user via a file manager, will execute arbitrary code on the target user's system.

Solution: The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=12361875-B453-45E8-852B-90F2727894FD

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3B44BD67-48E2-497F-9165-42A702E2CC0D

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=32FE91EF-5A8D-4095-90EE-2CA216696B09

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=923DE214-C4FA-41E6-8307-2C5A37F13E8E

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=63AA5F8A-FE47-4892-B905-B54E4F3B6580

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=52748886-6280-4247-8CBD-F64DB229EE66

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=37648E95-05C2-4802-9A0F-660200BAA229

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3AABD189-7D4C-4C9F-8854-F33127B1C309

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=29C6FC2D-D318-4A63-9AB2-82E84272AAF2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=CFE227B5-6660-49F8-9D71-A997DD83DE0B

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=22E62B5C-E4C1-47D0-AE4A-8BD2D70D0A0A

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=9499F771-C388-4DE3-A5C7-8CC8B00B4395

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=0D9DD09B-DB40-462B-88B0-4DBB8180E81F

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=CE2BB5D4-F661-44E3-AC28-0B81F7B72670

A restart is required.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-046.mspx (Links to External Site)

Cause: Input validation error

Underlying OS:

Message History: None.

Source Message Contents

Date: Fri, 16 Jul 2010 19:33:03 +0000
Subject: Microsoft Windows


http://anti-virus.by/en/tempo.shtml

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC