Integer Overflow Vulnerability in Microsoft Paint Affects Windows OS
CVE-2010-0028

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows 2000; Windows Server 2003
Vendor: CVE Published:; 10 February 2010

What is CVE-2010-0028?

An integer overflow vulnerability exists in Microsoft Paint, which affects several versions of Windows operating systems. This flaw enables remote attackers to execute arbitrary code by sending a specially crafted JPEG file to the affected systems. The vulnerability primarily affects users of Windows 2000 SP4, Windows XP SP2, and SP3, as well as Windows Server 2003 SP2, leaving them exposed to malicious exploits.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA10-040A.html

third-party-advisoryx_refsource_CERT

EPSS Score

69% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2010
Vulnerability Reserved
Dec 14, 2009