CVE-2010-0265
published 2010-03-10


Priority: P356, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 26.64% (97.8th percentile)
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."

Affected

4 ranges
Vendor | Product | Version range | Fixed in
microsoft | producer | |
microsoft | windows_movie_maker | |
microsoft | windows_movie_maker | |
microsoft | windows_movie_maker | |

Detection & IOCs (extracted from sources)

filename: exploit.mswmm
filename: .MSWMM
  • Monitor for opening or creation of .MSWMM (Windows Movie Maker project) files from untrusted/remote sources, as exploitation delivers a crafted project file to trigger a buffer overflow leading to arbitrary code execution.
  • Alert on Movie Maker (moviemk.exe) or Producer 2003 processes spawning unexpected child processes, which may indicate successful exploitation via a malicious .MSWMM file.
  • Detect .MSWMM files containing NOP sled byte sequences (0x90 repeated) followed by shellcode payload, as the exploit writes a 12-byte NOP sled padding block before shellcode into the crafted project file.
  • Flag shellcode length checks near 1120 bytes as a boundary indicator; payloads embedded in .MSWMM files at or near this size threshold are characteristic of this exploit.
  • The exploit specifically targets Movie Maker versions 2.1, 2.6, and 6.0, and Microsoft Producer 2003; detections scoped to .MSWMM file handling should account for all three Movie Maker versions and Producer 2003.
  • The exploit generates the malicious file locally as 'exploit.mswmm'; defenders should consider both network delivery of the file (remote attacker scenario) and local file-based attack vectors when tuning detections.
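
The NOP-sled bullet above, written as a triage scanner for .MSWMM files. This is an added example, not code from the sources this page extracts from. The 8-zero-byte payload terminator, the 16-byte minimum payload and the sample byte strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

MIN_SLED = 12  # sled length named in the detection bullet above
SLED_RE = re.compile(rb"\x90{%d,}" % MIN_SLED)  # run of >= MIN_SLED 0x90 bytes
ZERO_GAP = b"\x00" * 8   # assumption: 8 zero bytes mark the end of a payload
MIN_PAYLOAD = 16         # assumption: ignore sleds followed only by padding

# Constructed sample byte strings, not real project files.
BENIGN = b"\x00" * 64 + b"\x90" * 5 + b"\x00" * 64
SUSPECT = b"\x00" * 64 + b"\x90" * 12 + b"\xcc" * 64 + b"\x00" * 32


def find_nop_sleds(data: bytes) -> list:
    """Return (offset, sled_len, payload_len) for each sled followed by data."""
    hits = []
    for m in SLED_RE.finditer(data):
        tail = data[m.end():]
        gap = tail.find(ZERO_GAP)
        payload_len = len(tail) if gap == -1 else gap
        if payload_len >= MIN_PAYLOAD:
            hits.append((m.start(), m.end() - m.start(), payload_len))
    return hits


def scan_tree(root: str) -> dict:
    """Scan every .mswmm file under root (case-insensitive extension)."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".mswmm":
            hits = find_nop_sleds(path.read_bytes())
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    print("benign :", find_nop_sleds(BENIGN))
    print("suspect:", find_nop_sleds(SUSPECT))
```

A hit is a lead for manual review, not a verdict, since runs of 0x90 can also occur in ordinary binary data.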