Zero-day vulnerability in Windows

Improper input validation

The vulnerability was used by Stuxnet worm. According to Symantec the first exploitation of the vulnerability was discovered on 2008-02-13.

Known malware:


Vulnerability details

Advisory: SB2010071603 - Remote code execution in Microsoft Windows

Vulnerable component: Windows

CVE-ID: CVE-2010-2568

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-20 - Improper input validation


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when parsing icons to .lnk and .pif files within Windows Explorer. A remote attacker can create a specially crafted icon file, trick the victim into clicking on it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited.

Known APT campaigns:

Iranian Nuclear Facilities breach

The breach was identified in summer 2010 by VirusBlokada antivirus company from Belarus, who was called to investigate computers in Iranian nuclear facilities.

Public Exploits: