CVE-2010-0268

Microsoft Windows Media Player Codec Retrieval Dangling Pointer Remote Code Execution Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."

Vulnerabilidad no especificada en el control ActiveX de Windows Media Player (WMP) 9 en Microsoft Windows 2000 SP4 y XP SP2 y SP3 permite a atacantes remotos ejecutar código de su elección a través de contenido media manipulada, conocido como "Media Player Remote Code Execution Vulnerability."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
The specific flaw exists within the functionality for retrieving a codec for an unknown fourCC compression code. If an embedded Windows Media Player control attempts to play a media file containing an unknown codec it makes a request to Microsoft to retrieve the necessary capability. If the control is removed from the page while attempting to do this, cleanup routines will call an already freed pointer. An attacker can leverage this to execute arbitrary code under the context of the user running the browser.

*Credits: Anonymous

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-01-07 CVE Reserved
2010-04-13 CVE Published
2024-08-07 CVE Updated
2024-11-22 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
http://www.us-cert.gov/cas/techalerts/TA10-103A.html	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7281	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-027	2018-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"	Windows Media Player Search vendor "Microsoft" for product "Windows Media Player"	9 Search vendor "Microsoft" for product "Windows Media Player" and version "9"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	sp4	Affected
Microsoft Search vendor "Microsoft"	Windows Media Player Search vendor "Microsoft" for product "Windows Media Player"	9 Search vendor "Microsoft" for product "Windows Media Player" and version "9"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp2	Affected
Microsoft Search vendor "Microsoft"	Windows Media Player Search vendor "Microsoft" for product "Windows Media Player"	9 Search vendor "Microsoft" for product "Windows Media Player" and version "9"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp3	Affected