PT-2010-1853 · Microsoft · Paint+4

Tielei Wang

Published

2010-02-10

Updated

2019-02-26

CVE-2010-0028

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Paint versions in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2

Description A remote code execution issue exists in the way Microsoft Paint decodes JPEG images. This could allow remote code execution if a user opens a specially crafted JPEG image file in Microsoft Paint. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts.

Recommendations For Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, update Microsoft Paint to a version that is not affected by this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2010-0028

Affected Products

Paint

Windows

Windows 2000

Windows Server 2003

Windows Xp

PT-2010-1853 · Microsoft · Paint+4

CVE-2010-0028

Weakness Enumeration

Related Identifiers

Affected Products

References · 8