| VID |
26519 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (MS10-046, 2286198) for 'Vulnerability in Windows Shell Could Allow Remote Code Execution' has not been applied.
This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by correcting validation of shortcut icon references.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx
* Platforms Affected:
All version after Windows XP SP3 |
| Recommendation |
Apply the appropriate patch (2286198) for your system, as listed in Microsoft Security Bulletin MS10-046 at http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx |
| Related URL |
CVE-2010-2568 (CVE) |
| Related URL |
41732 (SecurityFocus) |
| Related URL |
(ISS) |
|
