cbcvebase.
CVE-2010-0805
published 2010-03-31

CVE-2010-0805: The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to…

PriorityP266critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
80.60%
99.6th percentile
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."

Affected

2 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer

Detection & IOCsextracted from sources · hover to see the quote

other333C7BC4-460F-11D0-BC04-0080C7055A83
yara
rule MSIETabularActivex
{
 meta:
 ref = "CVE-2010-0805"
 impact = 7
 hide = true
 author = "@d3t0n4t0r"
 strings:
 $cve20100805_1 = "333C7BC4-460F-11D0-BC04-0080C7055A83" nocase fullword
 $cve20100805_2 = "DataURL" nocase fullword
 $cve20100805_3 = "true"
 condition:
 ($cve20100805_1 and $cve20100805_3) or (all of them)
}
  • Heap spray pattern: exploit uses return address 0x0c0c0c0c repeated and doubled in a loop — look for this value in memory or network content.
  • Metasploit module sets InitialAutoRunScript to 'migrate -f', causing the payload process to migrate immediately after execution — monitor for unexpected process migration behaviour following iexplore.exe activity.
  • Vulnerability is triggered via the DataURL parameter of the TDC ActiveX control; a long URL value causes a NUL byte write outside array bounds in CTDCCtl::SecurityCHeckDataURL — flag unusually long DataURL attribute values in HTML.
  • ·Exploit only affects Internet Explorer 5.01 SP4, IE 6 on Windows XP SP2/SP3, and IE 6 SP1; later IE versions are not listed as vulnerable.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.