module
MS10-018 Microsoft Internet Explorer Tabular Data Control ActiveX Memory Corruption
| Disclosed | Created |
|---|---|
| 2010-03-09 | 2018-05-30 |
Disclosed
2010-03-09
Created
2018-05-30
Description
This module exploits a memory corruption vulnerability in the Internet Explorer
Tabular Data ActiveX Control. Microsoft reports that version 5.01 and 6 of Internet
Explorer are vulnerable.
By specifying a long value as the "DataURL" parameter to this control, it is possible
to write a NUL byte outside the bounds of an array. By targeting control flow data
on the stack, an attacker can execute arbitrary code.
Tabular Data ActiveX Control. Microsoft reports that version 5.01 and 6 of Internet
Explorer are vulnerable.
By specifying a long value as the "DataURL" parameter to this control, it is possible
to write a NUL byte outside the bounds of an array. By targeting control flow data
on the stack, an attacker can execute arbitrary code.
Authors
Unknown
jduck jduck@metasploit.com
jduck jduck@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.