Lucene search

SAINT CorporationSAINT:E27F1D21004C33594447BCAF51BC4473

HistoryApr 22, 2010 - 12:00 a.m.

Internet Explorer Tabular Data Control DataURL memory corruption

2010-04-2200:00:00

SAINT Corporation

my.saintcorporation.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.972

Percentile

99.8%

JSON

Added: 04/22/2010
CVE: CVE-2010-0805
BID: 39025
OSVDB: 63329

Background

Tabular Data Control is an ActiveX control which can be used to display data from a delimited text file.

Problem

A memory corruption vulnerability allows command execution when a user loads a web page which invokes Tabular Data Control with a specially crafted DataURL parameter.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 10-018.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-034/>

Limitations

Exploit works on Internet Explorer 6 and requires a user to load the exploit page.

Platforms

Windows

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.972

Percentile

99.8%

JSON

Related for SAINT:E27F1D21004C33594447BCAF51BC4473