Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0805 — Code Injection in Microsoft Internet Explorer

CWE-94 — Code Injection7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

86.1%

top 0.60%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedMar 31

Latest updateMay 2

Description

The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer5.01, 6+1

Patches

Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-3cff-26h6-w48r: The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer - Tabular Data Control ActiveX Memory Corruption (MS10-018) (Metasploit)↗2010-04-30

▶

Exploit-DB

Microsoft Internet Explorer Tabular Data Control - ActiveX Remote Code Execution↗2010-04-03

▶

Metasploit

MS10-018 Microsoft Internet Explorer Tabular Data Control ActiveX Memory Corruption↗

▶

🔍Detection Rules

Suricata

ET ACTIVEX Microsoft Internet Explorer Tabular DataURL ActiveX Control Memory Corruption Attempt↗2010-07-30

▶

YARA

MSIETabularActivex↗

▶