CVE-2010-0028

Name of the Vulnerable Software and Affected Versions Microsoft Paint versions in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2

Description A remote code execution issue exists in the way Microsoft Paint decodes JPEG images. This could allow remote code execution if a user opens a specially crafted JPEG image file in Microsoft Paint. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts.

Recommendations For Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, update Microsoft Paint to a version that is not affected by this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.