Internet Explorer Tabular Data Control DataURL memory corruption

2010-04-22T00:00:00
ID SAINT:9D9172B1B82E1FB6493C75094098ADA3
Type saint
Reporter SAINT Corporation
Modified 2010-04-22T00:00:00

Description

Added: 04/22/2010
CVE: CVE-2010-0805
BID: 39025
OSVDB: 63329

Background

Tabular Data Control is an ActiveX control which can be used to display data from a delimited text file.

Problem

A memory corruption vulnerability allows command execution when a user loads a web page which invokes Tabular Data Control with a specially crafted DataURL parameter.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 10-018.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-034/>

Limitations

Exploit works on Internet Explorer 6 and requires a user to load the exploit page.

Platforms

Windows