CVE-2010-0028
Published 2010-02-10
Priority P273 · critical · 9.3 (CVSS 2.0)
AV:N / AC:M / Au:N / C:C / I:C / A:C
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 48.45% (98.7th percentile)
Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
Detection & IOCs
bytes: 93 CE 93 CE
- Detect crafted JPEG files with an oversized image dimension field (37838x37838, bytes 0x93CE 0x93CE in the SOF0 marker width/height fields) targeting Microsoft Paint integer overflow (MS10-005).
- The malicious JPEG begins with a standard JFIF header (FF D8 FF E0) followed by an Exif segment (FF E1 ... 45 78 69 66) and a crafted DQT/SOF0 sequence; inspect JPEG files opened in mspaint.exe for anomalously large SOF0 dimension values causing integer overflow.
- Monitor mspaint.exe (version 5.1.2600.2180) for crashes or abnormal memory allocation when opening JPEG files, as the PoC targets this specific version on Windows XP SP2/SP3.
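One way to implement the SOF dimension check described above, as an added example that is not part of the original page or of any vendor rule. The function names, the `max_dim` threshold and the 32-bit `width*height*components` test are assumptions (a generic sanity check, not a statement of how Paint computes its buffer size), and the sample bytes are constructed.

```python
import struct

# Markers whose segment carries frame dimensions (SOFn, excluding DHT/JPG/DAC).
SOF = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}
NO_LENGTH = {0x01} | set(range(0xD0, 0xD8))   # TEM and RSTn have no length field

def find_sof(data: bytes):
    """Return (marker, width, height, components) for the first SOF segment, else None."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker in NO_LENGTH:
            pos += 2
        elif marker in (0xD9, 0xDA):            # EOI or SOS: header segments are over
            return None
        else:
            (seglen,) = struct.unpack_from(">H", data, pos + 2)
            if seglen < 2 or pos + 2 + seglen > len(data):
                raise ValueError(f"bad segment length at offset {pos}")
            if marker in SOF:
                if seglen < 8:
                    raise ValueError("SOF segment too short")
                # SOF payload: precision (1), height (2), width (2), components (1)
                _prec, height, width, ncomp = struct.unpack_from(">BHHB", data, pos + 4)
                return marker, width, height, ncomp
            pos += 2 + seglen
    return None

def assess(data: bytes, max_dim: int = 16384):
    """List reasons this JPEG's frame header deserves a closer look."""
    sof = find_sof(data)
    if sof is None:
        return ["no SOF segment before scan data"]
    _marker, width, height, ncomp = sof
    findings = []
    if width > max_dim or height > max_dim:     # max_dim is an assumed policy limit
        findings.append(f"oversized dimensions {width}x{height}")
    if width * height * ncomp > 0xFFFFFFFF:     # byte count would wrap a 32-bit integer
        findings.append("width*height*components exceeds 32 bits")
    return findings

def sample(width: int, height: int) -> bytes:
    """Constructed minimal header: SOI, JFIF APP0, 3-component SOF0, EOI."""
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sof0 = b"\xff\xc0\x00\x11\x08" + struct.pack(">HH", height, width) + b"\x03\x01\x22\x00\x02\x11\x01\x03\x11\x01"
    return b"\xff\xd8" + app0 + sof0 + b"\xff\xd9"
```

With three components, 37838 x 37838 x 3 is 4,295,142,732, just past 2^32, so both checks fire on the dimensions quoted above while an ordinary 640x480 header passes clean.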
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck · 9.3 CRITICAL
GHSA
GHSA-2gfq-wp47-xc5f: Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a c
ghsa_unreviewed · 2022-05-02
CVE-2010-0028 [HIGH] GHSA-2gfq-wp47-xc5f: Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a c
Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
VulnCheck
MS Paint Integer Overflow Vulnerability
vulncheck · 2010 · CVSS 9.3
CVE-2010-0028 [CRITICAL] MS Paint Integer Overflow Vulnerability
Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Suricata
GPL RPC portmap proxy integer overflow attempt TCP
suricata · 2010-09-23
CVE-2003-0028 GPL RPC portmap proxy integer overflow attempt TCP (the rule references CVE-2003-0028 and matches RPC portmap traffic to TCP port 111; it does not inspect JPEG content for CVE-2010-0028)
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"GPL RPC portmap proxy integer overflow attempt TCP"; flow:established,to_server; content:"|00 01 86 A0 00|"; depth:5; offset:16; content:"|00 00 00 05|"; within:4; distance:3; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; byte_test:4,>,2048,12,relative; content:"|00 00 00 00|"; depth:4; offset:8; reference:bugtraq,7123; reference:cve,2003-0028; classtype:rpc-portmap-decode; sid:2102093; rev:7; metadata:created_at 2010_09_23, cve CVE_2003_0028, confidence Medium, signature_severity Informational, updated_at 2024_03_08;)
http://secunia.com/advisories/36634
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8429