CVE-2010-2745

Microsoft Windows Media Player <12 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2745. PoCs published by Skylined.

AI-analyzed exploit summary This exploit leverages a memory corruption vulnerability in Firefox 3.5.10 and 3.6.6 when handling Windows Media Player (WMP) embeds within popups. The PoC repeatedly reloads the page and injects an EMBED element to trigger the vulnerability, potentially leading to arbitrary code execution.

Description

Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Skylined · htmldoswindows

https://www.exploit-db.com/exploits/15242

View Code ZIP pw:eip

This exploit leverages a memory corruption vulnerability in Firefox 3.5.10 and 3.6.6 when handling Windows Media Player (WMP) embeds within popups. The PoC repeatedly reloads the page and injects an EMBED element to trigger the vulnerability, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: Firefox 3.5.10 & 3.6.6 with WMP 10 & 11

No auth needed

Prerequisites: Windows XP SP3 with Firefox 3.5.10/3.6.6 and WMP 10/11 installed · User interaction to load the malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6653

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1024550

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-082

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-285A.html

Scores

EPSS 0.2425

EPSS Percentile 97.6%

Details

CWE

CWE-94

Status published

Products (4)

microsoft/windows_media_player 9

microsoft/windows_media_player 10

microsoft/windows_media_player 11

microsoft/windows_media_player 12

Published Oct 13, 2010

Tracked Since Feb 18, 2026