Internet Explorer Tabular Data Control DataURL memory corruption

Added: 04/22/2010
CVE: CVE-2010-0805
BID: 39025
OSVDB: 63329

Background

Tabular Data Control is an ActiveX control which can be used to display data from a delimited text file.

Problem

A memory corruption vulnerability allows command execution when a user loads a web page which invokes Tabular Data Control with a specially crafted DataURL parameter.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 10-018.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-034/

Limitations

Exploit works on Internet Explorer 6 and requires a user to load the exploit page.

Platforms

Windows

Back to exploit index