cbcvebase.
CVE-2010-2553
published 2010-08-11

CVE-2010-2553: The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote…

PriorityP266critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
30.89%
98.0th percentile
The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."

Detection & IOCsextracted from sources · hover to see the quote

filenameiccvid.dll
  • Crafted AVI file with malformed Cinepak codec data triggers heap overflow in iccvid.dll; look for AVI files with anomalous 'number_of_coded_strips' field (e.g. 0x0010 = 16 strips) combined with undersized strip data.
  • Malicious AVI contains the 'cvid' FourCC in the stream format header, identifying Cinepak-encoded video; inspect BITMAPINFOHEADER compression field for 0x64697663 ('cvid').
  • Exploit generates a crafted AVI with RIFF/AVI headers, a 'movi' LIST chunk containing a '00dc' video chunk, and an 'idx1' index; detect AVI files where Cinepak frame header declares dimensions inconsistent with strip data size.
  • The vulnerability is in the CVDecompress function of iccvid.dll; monitor for heap corruption exceptions originating from iccvid.dll during media file decompression.
  • ·Proof-of-concept targets iccvid.dll on Windows XP SP3 specifically; exploit reliability and heap spray offsets may differ on Windows Vista SP1/SP2 and Windows 7.
  • ·DOC 3 (exploit-db 15122) references a separate MSHTML findText vulnerability in Internet Explorer and is unrelated to CVE-2010-2553; no operational IOCs from that source apply to this CVE.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.