CVE-2010-0028

EXPLOITED

Microsoft Paint - Remote Code Execution via Crafted JPEG File

Title source: llm

Exploitation Summary

CVE-2010-0028 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including unsign.

AI-analyzed exploit summary This exploit targets an integer overflow vulnerability in Microsoft Paint (MS10-005) by crafting a malicious JPEG file with an abnormally large image size (37838x37838). The PoC generates a file that triggers a crash in MS Paint on Windows XP SP2/SP3.

Description

Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by unsign · perldoswindows

https://www.exploit-db.com/exploits/12518

View Code ZIP pw:eip

This exploit targets an integer overflow vulnerability in Microsoft Paint (MS10-005) by crafting a malicious JPEG file with an abnormally large image size (37838x37838). The PoC generates a file that triggers a crash in MS Paint on Windows XP SP2/SP3.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Paint (Windows XP SP2/SP3)

No auth needed

Prerequisites: Access to write a file on the target system · Target system running vulnerable version of Microsoft Paint

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-005

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8429

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-040A.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36634

Scores

EPSS 0.7372

EPSS Percentile 98.8%

Details

VulnCheck KEV 2012-10-18

CWE

CWE-189

Status published

Products (3)

microsoft/windows_2000

microsoft/windows_server_2003

microsoft/windows_xp (3 CPE variants)

Published Feb 10, 2010

Tracked Since Feb 18, 2026