Internet Explorer HTML+TIME element OuterText memory corruption

Added: 12/16/2010
CVE: CVE-2010-3346
BID: 45261
OSVDB: 69829

Background

The HTML+TIME component of Internet Explorer adds timing and media synchronization support to HTML pages.

Problem

A memory corruption vulnerability in the HTML+TIME component allows command execution when a user loads a specially crafted web page in Internet Explorer.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-090.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-289/

Limitations

Exploit works on Internet Explorer 7 on Windows XP SP3 with security update KB980182, and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows XP

Back to exploit index