Memory Corruption in Microsoft Internet Explorer's ActiveX Control
CVE-2010-0805

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Explorer; Windows 2000
Vendor: CVE Published:; 31 March 2010

Summary

The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer is susceptible to a memory corruption vulnerability. By crafting a long URL that exploits the DataURL parameter, remote attackers can execute arbitrary code. This occurs through a weakness in the CTDCCtl::SecurityCheckDataURL function, which does not properly handle memory allocations, leading to potential security breaches.

References

http://www.securityfocus.com/bid/39025

vdb-entryx_refsource_BID

http://www.us-cert.gov/cas/techalerts/TA10-089A.html

third-party-advisoryx_refsource_CERT

http://www.securityfocus.com/archive/1/510507/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

89% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 31, 2010
Vulnerability Reserved
Mar 2, 2010