Added: 12/16/2010
CVE: CVE-2010-3346
BID: 45261
OSVDB: 69829
The HTML+TIME component of Internet Explorer adds timing and media synchronization support to HTML pages.
A memory corruption vulnerability in the HTML+TIME component allows command execution when a user loads a specially crafted web page in Internet Explorer.
Apply the update referenced in Microsoft Security Bulletin 10-090.
<http://www.zerodayinitiative.com/advisories/ZDI-10-289/>
Exploit works on Internet Explorer 7 on Windows XP SP3 with security update KB980182, and requires a user to load the exploit page in Internet Explorer.
Windows XP