CVE-2010-0480

EXPLOITED

Microsoft Windows 2000 - Memory Corruption

Title source: rule

Description

Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17659

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Abysssec · pythondoswindows

https://www.exploit-db.com/exploits/15096

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Abysssec · pythonremotewindows

https://www.exploit-db.com/exploits/14895

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Yamata Li · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_026_avi_nsamplespersec.rb

View Code ZIP pw:eip

References (4)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA10-103A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-026

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7441

[Third Party Advisory] http://securityreason.com/securityalert/8336

Scores

EPSS 0.8349

EPSS Percentile 99.3%

Details

VulnCheck KEV 2012-10-18

CWE

CWE-119

Status published

Products (6)

microsoft/windows_2000

microsoft/windows_2003_server (2 CPE variants)

microsoft/windows_server_2003

microsoft/windows_server_2008 (6 CPE variants)

microsoft/windows_vista (6 CPE variants)

microsoft/windows_xp (3 CPE variants)

Published Apr 14, 2010

Tracked Since Feb 18, 2026