Windows Shell CVE-2010-2568

HIGH
2010-07-22 secure@microsoft.com
7.8
CVSS 3.1 · NVD
Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (7 events)

Analysis Updated: Apr 22, 2026 - 10:45, vuln.today, v2 (cvss_changed)
Re-analysis Queued: Apr 21, 2026 - 15:22, vuln.today, cvss_changed
Analysis Generated: Mar 26, 2026 - 11:17, vuln.today
Added to CISA KEV: Oct 22, 2025 - 01:15, cisa, CISA KEV
PoC Detected: Oct 22, 2025 - 01:15, vuln.today, Public exploit code
Patch released: Oct 22, 2025 - 01:15, nvd, Patch available
CVE Published: Jul 22, 2010 - 05:43, nvd, HIGH 7.8

Description (CVE.org)

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

Analysis (AI)

Remote code execution in Windows Shell across XP through Windows 7 via malicious .LNK or .PIF shortcut files, which are processed automatically when displayed in Windows Explorer. Confirmed actively exploited (CISA KEV) in the 2010 Stuxnet campaign targeting Siemens WinCC SCADA systems; the 92.13% EPSS score reflects historical widespread exploitation. Public exploits are available. The flaw was originally weaponized as a zero-day before the release of the Microsoft MS10-046 patch.

Technical Context (AI)

Windows Shell is the Windows Explorer graphical interface component responsible for rendering desktop elements, file browsing, and shortcut file handling. The vulnerability is in the icon display handler for .LNK (Windows shortcut) and .PIF (Program Information File) files. When Windows Explorer renders these files, the shell improperly parses specially crafted shortcut metadata, allowing embedded code to execute without the file being opened. It affects all Windows versions from XP SP3 through Windows 7 and Server 2008 R2 across x86, x64, and Itanium architectures (per CPE data: windows_xp sp3, windows_vista sp1/sp2, windows_7, windows_server_2003 sp2, windows_server_2008 sp2/R2). The vulnerability was used in conjunction with CVE-2010-2772 (Siemens WinCC default credentials) in the Stuxnet worm, marking one of the first major SCADA-targeting malware campaigns.

Remediation (AI)

Apply Microsoft Security Bulletin MS10-046, released in August 2010, which patches the Windows Shell .LNK and .PIF parsing vulnerability across all affected Windows versions (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046). For systems that cannot be patched immediately, Microsoft advisory 2286198 provides a registry-based workaround that disables the display of shortcut icons, though this degrades the user experience and does not eliminate risk if users open malicious shortcuts directly. Disable AutoRun/AutoPlay features for removable media and network shares to prevent automatic code execution when directories containing weaponized .LNK files are browsed, though this does not prevent exploitation if a user manually browses to such directories. Restrict the WebDAV Client service and disable icon display for remote shares. Block .LNK and .PIF files at email gateways and web proxies. For industrial control systems and air-gapped networks, implement strict USB device controls and scan media before it is introduced to secured environments. These compensating controls reduce the attack surface but cannot substitute for patching, because Windows Explorer icon rendering occurs during normal file browsing operations. Legacy systems unable to receive MS10-046 require isolation or decommissioning.