CVE-2010-0478

Windows 2000 Server SP4 - Remote Code Execution via Crafted Transport Packets

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-0478. PoCs published by Metasploit, including Metasploit module exploits/windows/mmsp/ms10_025_wmss_connect_funnel.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Windows Media Unicast Service (NUMS.exe) via a crafted FunnelConnect request, allowing arbitrary code execution under the NetShowServices account. It targets Windows 2000 Server with Windows Media Services 4.1.

Description

Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16333

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Windows Media Unicast Service (NUMS.exe) via a crafted FunnelConnect request, allowing arbitrary code execution under the NetShowServices account. It targets Windows 2000 Server with Windows Media Services 4.1.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Windows Media Services 4.1 (NUMS.exe) on Windows 2000 Server

No auth needed

Prerequisites: Network access to port 1755 · Windows Media Services 4.1 installed and running

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mmsp/ms10_025_wmss_connect_funnel.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Windows Media Unicast Service (NUMS.exe) via a crafted FunnelConnect request, allowing arbitrary code execution under the NetShowServices account. The exploit leverages SEH overwrites and precise payload placement to achieve RCE on Windows 2000 SP4.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Windows Media Services 4.1 (NUMS.exe) on Windows 2000 Server

No auth needed

Prerequisites: Network access to TCP port 1755 · Windows Media Services 4.1 installed and running

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-025

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7001

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-103A.html

Scores

EPSS 0.6457

EPSS Percentile 99.1%

Details

CWE

CWE-119

Status published

Products (1)

microsoft/windows_2000

Published Apr 14, 2010

Tracked Since Feb 18, 2026