CVE-2010-2553

Windows XP SP2/SP3, Vista SP1/SP2, and Windows 7 - Remote Code Execution via Crafted Media File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-2553. PoCs published by Abysssec, Sunqiz.

AI-analyzed exploit summary This exploit leverages a use-after-free vulnerability in Microsoft Internet Explorer's mshtml.dll via the `findText` method on a `TextRange` object. The PoC triggers a crash by manipulating DOM elements and calling `findText` with a Unicode string, demonstrating the vulnerability.

Description

The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Abysssec · htmldoswindows
https://www.exploit-db.com/exploits/15122

This exploit leverages a use-after-free vulnerability in Microsoft Internet Explorer's mshtml.dll via the `findText` method on a `TextRange` object. The PoC triggers a crash by manipulating DOM elements and calling `findText` with a Unicode string, demonstrating the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Internet Explorer (versions prior to patch for CVE-2010-2553)
No auth needed
Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Abysssec · pythondoswindows
https://www.exploit-db.com/exploits/15112

This exploit generates a malformed AVI file targeting a heap overflow vulnerability in the Microsoft Cinepak Codec (CVE-2010-2553). The crafted file can trigger remote code execution when processed by vulnerable systems.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Cinepak Codec (iccvid.dll) on Windows XP SP3
No auth needed
Prerequisites: Vulnerable version of Microsoft Cinepak Codec · User interaction to open the malformed AVI file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by Sunqiz · poc
https://github.com/Sunqiz/cve-2010-2553-reproduction

This repository provides a detailed technical analysis and reproduction steps for CVE-2010-2553, a heap overflow vulnerability in Microsoft Media Player. It includes debugging steps, memory analysis, and stack traces to demonstrate the vulnerability.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Microsoft Media Player 10.00.00.3802
No auth needed
Prerequisites: Windows XP Professional with Service Pack 3 (x86) · Microsoft Media Player 10 · Debugging tools like WinDbg and IDA Pro
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11773

Scores

EPSS 0.3090
EPSS Percentile 98.0%

Details

CWE
CWE-94
Status published
Products (3)
microsoft/windows_7 (2 CPE variants)
microsoft/windows_vista (4 CPE variants)
microsoft/windows_xp (2 CPE variants)
Published Aug 11, 2010
Tracked Since Feb 18, 2026