CVE-2010-0805

Microsoft Internet Explorer <6 - RCE

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-0805. PoCs published by Metasploit, ZSploit.com, Unknown, jduck, including Metasploit module exploits/windows/browser/ms10_018_ie_tabular_activex.

AI-analyzed exploit summary: This Metasploit module exploits a memory corruption vulnerability in the Internet Explorer Tabular Data Control ActiveX (CVE-2010-0805) by overflowing the 'DataURL' parameter to execute arbitrary code via heap spraying and shellcode injection.

Description

The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16567

This Metasploit module exploits a memory corruption vulnerability in the Internet Explorer Tabular Data Control ActiveX (CVE-2010-0805) by overflowing the 'DataURL' parameter to execute arbitrary code via heap spraying and shellcode injection.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Internet Explorer 5.01/6 with Tabular Data Control ActiveX
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be enabled in IE
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by ZSploit.com · html · dos · windows
https://www.exploit-db.com/exploits/12032

This exploit triggers a stack-based buffer overflow in the DataURL parameter of the ActiveX control (clsid:333C7BC4-460F-11D0-BC04-0080C7055A83) by providing an excessively long string, leading to arbitrary code execution. The vulnerability is in the handling of the DataURL parameter, allowing memory corruption.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Internet Explorer with specific ActiveX control
No auth needed
Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by Unknown, jduck · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb

This Metasploit module exploits a memory corruption vulnerability in the Internet Explorer Tabular Data ActiveX Control (CVE-2010-0805) by writing a NUL byte outside array bounds via a long 'DataURL' parameter, leading to arbitrary code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer 5.01 and 6
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 19, 2026

References (9)

Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39025
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-089A.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/510507/100/0/threaded
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-034
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-068A.html
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0744
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023773
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8080

Scores

EPSS 0.8047
EPSS Percentile 99.6%

Details

CWE: CWE-94
Status: published
Products (4)
microsoft/internet_explorer 5.01 sp4
microsoft/internet_explorer 6 sp1 (2 CPE variants)
microsoft/windows_2000
microsoft/windows_xp (2 CPE variants)
Published: Mar 31, 2010
Tracked Since: Feb 18, 2026