CVE-2010-3139

Microsoft Windows Progman Group Converter - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3139. PoCs published by Beenu Arora.

AI-analyzed exploit summary This exploit leverages DLL hijacking in Microsoft Group Convertor by replacing imm.dll with a malicious version. When a .grp file is opened, the malicious DLL executes arbitrary code (calc.exe in this case).

Description

Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Beenu Arora · clocalwindows
https://www.exploit-db.com/exploits/14758

This exploit leverages DLL hijacking in Microsoft Group Convertor by replacing imm.dll with a malicious version. When a .grp file is opened, the malicious DLL executes arbitrary code (calc.exe in this case).

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Group Convertor (Windows XP SP3)
No auth needed
Prerequisites: Ability to place malicious DLL in the same directory as a .grp file · Victim must open the .grp file
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14758
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41136
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2200
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12209
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/67535

Scores

EPSS 0.2392
EPSS Percentile 97.5%

Details

Status published
Products (1)
microsoft/windows
Published Aug 27, 2010
Tracked Since Feb 18, 2026