CVE-2010-0805
Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."
El control ActiveX de Tabular Data Control (TDC) en Internet Explorer de Microsoft versiones 5.01 SP4, 6 sobre Windows XP SP2 y SP3, y versión 6 SP1, permite a los atacantes remotos ejecutar código arbitrario por medio de una URL larga (parámetro DataURL) que desencadena corrupción de memoria en la función CTDCCtl::SecurityCHeckDataURL, también se conoce como "Memory Corruption Vulnerability".
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists within the Tabular Data Control ActiveX module. Specifically, if provided a malicious DataURL parameter a stack corruption may occur in the function CTDCCtl::SecurityCHeckDataURL. This can be leveraged to execute arbitrary code under the context of the current user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-03-02 CVE Reserved
- 2010-03-31 CVE Published
- 2010-04-03 First Exploit
- 2024-08-07 CVE Updated
- 2024-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1023773 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/510507/100/0/threaded | Mailing List | |
| http://www.us-cert.gov/cas/techalerts/TA10-068A.html | Third Party Advisory | |
| http://www.us-cert.gov/cas/techalerts/TA10-089A.html | Third Party Advisory | |
| http://www.zerodayinitiative.com/advisories/ZDI-10-034 | X_refsource_misc |
|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8080 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/12032 | 2010-04-03 | |
| https://www.exploit-db.com/exploits/16567 | 2010-04-30 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/39025 | 2021-07-23 | |
| http://www.vupen.com/english/advisories/2010/0744 | 2021-07-23 |
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 | 2021-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01" | sp4 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Affected
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Affected
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Affected
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Affected
|