Lucene search

K
saintSAINT CorporationSAINT:50FD83D05F9755C6A85B0AE9560D6E3E
HistoryDec 16, 2010 - 12:00 a.m.

Internet Explorer HTML+TIME element OuterText memory corruption

2010-12-1600:00:00
SAINT Corporation
www.saintcorporation.com
17

0.956 High

EPSS

Percentile

99.2%

Added: 12/16/2010
CVE: CVE-2010-3346
BID: 45261
OSVDB: 69829

Background

The HTML+TIME component of Internet Explorer adds timing and media synchronization support to HTML pages.

Problem

A memory corruption vulnerability in the HTML+TIME component allows command execution when a user loads a specially crafted web page in Internet Explorer.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-090.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-289/&gt;

Limitations

Exploit works on Internet Explorer 7 on Windows XP SP3 with security update KB980182, and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows XP

0.956 High

EPSS

Percentile

99.2%