// For flags

CVE-2010-0805

Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."

El control ActiveX de Tabular Data Control (TDC) en Internet Explorer de Microsoft versiones 5.01 SP4, 6 sobre Windows XP SP2 y SP3, y versión 6 SP1, permite a los atacantes remotos ejecutar código arbitrario por medio de una URL larga (parámetro DataURL) que desencadena corrupción de memoria en la función CTDCCtl::SecurityCHeckDataURL, también se conoce como "Memory Corruption Vulnerability".

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists within the Tabular Data Control ActiveX module. Specifically, if provided a malicious DataURL parameter a stack corruption may occur in the function CTDCCtl::SecurityCHeckDataURL. This can be leveraged to execute arbitrary code under the context of the current user.

*Credits: Anonymous
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-03-02 CVE Reserved
  • 2010-03-31 CVE Published
  • 2010-04-03 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-08-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.01
Search vendor "Microsoft" for product "Internet Explorer" and version "5.01"
sp4
Affected
in Microsoft
Search vendor "Microsoft"
Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp4
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
sp1
Affected
in Microsoft
Search vendor "Microsoft"
Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp4
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp3
Affected