
exploit-cve2010-2568

Anyone else getting slammed with these VSE alerts? I notice McAfee has updated this exploit in the 6506 DAT update, and since then, our On Demand Scans have been triggering on what appear to be .lnk files. We believe them to be false positives; just wanted to see if anyone else out there was experiencing the same VSE behavior.

7 Replies

Re: exploit-cve2010-2568

You could upload the suspected LNK file to http://www.virustotal.com and see if any other vendor also detects a threat ... this will get you more info on whether it's a false positive or not ...

Regards Tom

Re: exploit-cve2010-2568

We did this, and 2 out of 48 AntiViruses have identified this as malicious. eSafe and McAfee. We have found this to be not malicious. We are seeing a high number of these events. I believe whatever changes were made during the update of 6506 DAT released on 21 OCT 2011 are causing these to appear.

It would be interesting to see if anyone else is seeing this behavior.

Re: exploit-cve2010-2568

Also had a detection of this on a .LNK file using McAfee with DAT 6509. I will be submitting to McAfee for analysis.

Re: exploit-cve2010-2568

We have about 1000 customers with McAfee VSE and so far did not get any questions on this event - but it could be that they do not realize it at all.

Regards Tom

Re: exploit-cve2010-2568

I am getting slammed with this as well; for me it started with DAT 6505. I have daily on demand scans running and it first began detecting this over the weekend, between the 21st/22nd. I have submitted 2 of the .lnk files to McAfee for further evaluation.

Re: exploit-cve2010-2568

Looks like a scan with DAT 6510 results in nothing being found. I downloaded the latest DAT after submitting to Virus Total again and this time McAfee did not detect anything. I still haven't gotten the official response from McAfee, but more proof that it was a false positive really isn't needed when the files that scanned positive yesterday do not scan positive today after only updating the DAT.

Re: exploit-cve2010-2568

Yeah, looks like in the 6510 DAT release notes, they addressed this exploit again. Likely fixed whatever was messed up.