  CERT-MU Vulnerability Note VN-2010-15

Microsoft Windows Shell shortcut handling remote code execution vulnerability

Original Issue Date: July 19, 2010

Severity Rating: High

Systems Affected

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition SP 2
  • Windows Server 2003 SP 2
  • Windows Server 2003 x64 Edition SP 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista SP 1 and SP 2
  • Windows Vista x64 Edition SP 1 and SP 2
  • Windows Server 2008 for 32-bit Systems and SP 2
  • Windows Server 2008 for x64-based Systems and SP 2
  • Windows Server 2008 for Itanium-based Systems and SP 2
  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Server 2008 R2 for Itanium-based Systems

Overview

A remote code execution vulnerability has been reported in Windows Shell, which does not correctly validate specific parameters of a shortcut when attempting to load the shortcut's icon.

Description

This issue is caused by an error in the Windows Shell component when parsing shortcuts (*.LNK files). It could allow attackers to automatically execute a malicious binary by tricking a user into opening a removable drive (e.g. USB) in Windows Explorer, or into browsing a remote network or WebDAV share, that contains a specially crafted shortcut file.

Successful exploitation allows a remote attacker to execute arbitrary code in the context of the logged-in user.

Note: The vulnerability has been actively exploited in targeted attacks.

Workarounds

  • Disable the displaying of icons for shortcuts
  • Disable the WebClient service
  • Disable AutoRun
  • Block outgoing SMB traffic

Note: For detailed steps and the impact of applying these workarounds, refer to Microsoft Security Advisory 2286198.
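
The first three workarounds can be audited on each host with a read-only check. The PowerShell below is an added example, not part of the original note or of Microsoft's advisory. It assumes Windows PowerShell, and the registry locations and service name it reads are not given in this note and should be confirmed against Microsoft Security Advisory 2286198; outbound SMB blocking is enforced on the firewall and is not checked.

```powershell
# Added example: read-only audit of three workarounds listed in this note.
# Assumption: registry paths and the service name are not given in the note;
# confirm them against Microsoft Security Advisory 2286198 before relying on this.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function New-Check([string]$Name, [bool]$Applied, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Name; Applied = $Applied; Detail = $Detail }
}

function Test-ShortcutWorkarounds {
    # 1. Shortcut icons: applied when the IconHandler default value is blank.
    foreach ($class in 'lnkfile', 'piffile') {
        $handler = Get-RegValue "Registry::HKEY_CLASSES_ROOT\$class\shellex\IconHandler" '(default)'
        if ([string]::IsNullOrEmpty($handler)) { $detail = 'no icon handler registered' }
        else { $detail = "icon handler $handler still registered" }
        New-Check "Shortcut icons ($class)" ([string]::IsNullOrEmpty($handler)) $detail
    }

    # 2. WebClient (WebDAV redirector): applied when disabled and stopped, or absent.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    if ($null -eq $svc) {
        New-Check 'WebClient service' $true 'service not installed'
    } else {
        $off = ($svc.StartMode -eq 'Disabled') -and ($svc.State -eq 'Stopped')
        New-Check 'WebClient service' $off "StartMode=$($svc.StartMode), State=$($svc.State)"
    }

    # 3. AutoRun: applied when the machine-wide policy value disables all drive types (0xFF).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $nda = Get-RegValue $key 'NoDriveTypeAutoRun'
    if ($null -eq $nda) {
        New-Check 'AutoRun' $false 'NoDriveTypeAutoRun not set'
    } else {
        New-Check 'AutoRun' (($nda -band 0xFF) -eq 0xFF) ('NoDriveTypeAutoRun=0x{0:X}' -f $nda)
    }
}

Test-ShortcutWorkarounds | Select-Object Check, Applied, Detail | Format-Table -AutoSize
```

A row with Applied = False marks a workaround that is not in place on that host; the script changes nothing.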

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/advisory/2286198.mspx

References

Microsoft
http://www.microsoft.com/technet/security/advisory/2286198.mspx

http://blogs.technet.com/b/msrc/archive/2010/07/16/security-advisory-2286198-released.aspx

VUPEN
http://www.vupen.com/english/advisories/2010/1836

US-CERT
http://www.kb.cert.org/vuls/id/940193

SecurityFocus
http://www.securityfocus.com/bid/41732

VirusBlokAda
http://www.anti-virus.by/en/tempo.shtml

CVE Name
CVE-2010-2568

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Last Updated 20-Jul-2011