F-Secure
Tools
Microsoft Windows Shell Vulnerability (Advisory 2286198)
| Report ID: | SA201006485 |
| Source: | F-Secure |
| Date of Discovery: | 03.08.2010 |
| Criticality: | Critical |
| Affects: | Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 |
| Compromise From: | From remote |
| Compromise Type: | Remote code execution |
Summary
A vulnerability in Windows Shell could allow an attacker to execute arbitrary code and gain system access via a malicious shortcut file.
Detailed Description
Microsoft has released a security update to resolve a vulnerability issue in WIndows Shell, which is caused by incorrect validation of specific parameters when attempting to load a shortcut's icon.
User could be affected by the vulnerability by:
• opening a removable drive containing the malicious shortcut file and the associated malicious binary
• browsing a malicious website, and loading the icon of the shortcut file
• opening a specially crafted document that supports embedded shortcuts or a hosted browser control
A successful exploit of the vulnerability could allow a remote attacker to run arbitrary code and take control of the affected system.
Solution
Install the latest update for applicable system.
* Server Core installation affected.
Original Reference
Microsoft Security Bulletin MS10-046 (http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx/)
CVE Reference
CVE-2010-2568