CVE-2010-2745

Microsoft Windows Media Player <12 - Code Injection

Title source: llm

Description

Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Skylined · htmldoswindows

https://www.exploit-db.com/exploits/15242

View Code ZIP pw:eip

References (4)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA10-285A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-082

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6653

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1024550

Scores

EPSS 0.5969

EPSS Percentile 98.3%

Details

CWE

CWE-94

Status published

Products (4)

microsoft/windows_media_player 9

microsoft/windows_media_player 10

microsoft/windows_media_player 11

microsoft/windows_media_player 12

Published Oct 13, 2010

Tracked Since Feb 18, 2026