CVE-2010-0805 - OpenCVE

The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Internet Explorer Windows 2000 Windows Xp

Configuration 1 [-]

AND

OR	cpe:2.3:a:microsoft:internet_explorer:5.01:sp4::::::
	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*

No data.

References

Link	Providers
http://securitytracker.com/id?1023773
http://www.securityfocus.com/archive/1/510507/100/0/threaded
http://www.securityfocus.com/bid/39025
http://www.us-cert.gov/cas/techalerts/TA10-068A.html
http://www.us-cert.gov/cas/techalerts/TA10-089A.html
http://www.vupen.com/english/advisories/2010/0744
http://www.zerodayinitiative.com/advisories/ZDI-10-034
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8080

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2010-03-31T19:00:00

Updated: 2024-08-07T00:59:39.308Z

Reserved: 2010-03-02T00:00:00

Link: CVE-2010-0805

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-03-31T19:30:00.577

Modified: 2021-07-23T12:19:09.200

Link: CVE-2010-0805

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka \"Memory Corruption Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "39025", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/39025"}, {"name": "TA10-089A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"}, {"name": "20100402 ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/510507/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-034"}, {"name": "TA10-068A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"}, {"name": "MS10-018", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"}, {"name": "ADV-2010-0744", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0744"}, {"name": "1023773", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023773"}, {"name": "oval:org.mitre.oval:def:8080", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8080"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2010-0805", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka \"Memory Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "39025", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39025"}, {"name": "TA10-089A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"}, {"name": "20100402 ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/510507/100/0/threaded"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-034", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-034"}, {"name": "TA10-068A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"}, {"name": "MS10-018", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"}, {"name": "ADV-2010-0744", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0744"}, {"name": "1023773", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023773"}, {"name": "oval:org.mitre.oval:def:8080", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8080"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:59:39.308Z"}, "title": "CVE Program Container", "references": [{"name": "39025", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/39025"}, {"name": "TA10-089A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"}, {"name": "20100402 ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/510507/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-034"}, {"name": "TA10-068A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"}, {"name": "MS10-018", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"}, {"name": "ADV-2010-0744", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0744"}, {"name": "1023773", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023773"}, {"name": "oval:org.mitre.oval:def:8080", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8080"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2010-0805", "datePublished": "2010-03-31T19:00:00", "dateReserved": "2010-03-02T00:00:00", "dateUpdated": "2024-08-07T00:59:39.308Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka \"Memory Corruption Vulnerability.\""}, {"lang": "es", "value": "El control ActiveX de Tabular Data Control (TDC) en Internet Explorer de Microsoft versiones 5.01 SP4, 6 sobre Windows XP SP2 y SP3, y versi\u00f3n 6 SP1, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una URL larga (par\u00e1metro DataURL) que desencadena corrupci\u00f3n de memoria en la funci\u00f3n CTDCCtl::SecurityCHeckDataURL, tambi\u00e9n se conoce como \"Memory Corruption Vulnerability\"."}], "evaluatorImpact": "Per: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx\r\n\r\n'Internet Explorer 7 and Internet Explorer 8 are not affected by this vulnerability.'", "id": "CVE-2010-0805", "lastModified": "2021-07-23T12:19:09.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-03-31T19:30:00.577", "references": [{"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1023773"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/510507/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/39025"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0744"}, {"source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-034"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8080"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}