CVE-2010-3967

Microsoft Windows Movie Maker 2.6 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3967. PoCs published by TheLeader.

AI-analyzed exploit summary This exploit leverages DLL hijacking in Microsoft Windows Movie Maker by placing a malicious hhctrl.ocx in a crafted directory structure, leading to arbitrary code execution (calc.exe) when a .mswmm file is opened.

Description

Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."

Exploits (1)

exploitdb WORKING POC

by TheLeader · clocalwindows

https://www.exploit-db.com/exploits/14731

View Code ZIP pw:eip

This exploit leverages DLL hijacking in Microsoft Windows Movie Maker by placing a malicious hhctrl.ocx in a crafted directory structure, leading to arbitrary code execution (calc.exe) when a .mswmm file is opened.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows Movie Maker <= 2.6.4038.0

No auth needed

Prerequisites: A .mswmm file · Malicious hhctrl.ocx placed in a crafted directory structure

MITRE ATT&CK