CVE-2010-2746

Microsoft Windows XP-7 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2746. PoCs published by Nephi Johnson.

AI-analyzed exploit summary This Ruby script exploits CVE-2010-2746, a heap overflow vulnerability in Microsoft XML Core Services (MSXML) via a malformed SVG file. It serves a crafted SVG and HTML page to trigger the vulnerability, executing shellcode (calc.exe) when rendered in a vulnerable browser.

Description

Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nephi Johnson · rubyremotewindows

https://www.exploit-db.com/exploits/15963

View Code ZIP pw:eip

This Ruby script exploits CVE-2010-2746, a heap overflow vulnerability in Microsoft XML Core Services (MSXML) via a malformed SVG file. It serves a crafted SVG and HTML page to trigger the vulnerability, executing shellcode (calc.exe) when rendered in a vulnerable browser.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft XML Core Services (MSXML) 3.0, 4.0, and 6.0

No auth needed

Prerequisites: Vulnerable version of MSXML installed · Victim must visit the malicious server or open the crafted SVG/HTML

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1024549

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7272

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-285A.html

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-081

Scores

EPSS 0.7372

EPSS Percentile 98.8%

Details

CWE

CWE-119

Status published

Products (7)

microsoft/windows_2003_server

microsoft/windows_7 (2 CPE variants)

microsoft/windows_server_2003

microsoft/windows_server_2008 (6 CPE variants)

microsoft/windows_server_2008 r2 (2 CPE variants)

microsoft/windows_vista (2 CPE variants)

microsoft/windows_xp (2 CPE variants)

Published Oct 13, 2010

Tracked Since Feb 18, 2026