CVE-2010-3329

Microsoft Internet Explorer <8 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3329. PoCs published by Core Security.

AI-analyzed exploit summary This exploit demonstrates a memory corruption vulnerability in Microsoft Office's HtmlDlgHelper class, which can lead to remote code execution when a malicious .XLS or .DOC file is opened. The vulnerability is triggered by instantiating the 'HtmlDlgHelper Class Object' in an Office document, leading to uninitialized memory access in 'mshtmled.dll'.

Description

mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textdoswindows

https://www.exploit-db.com/exploits/15262

View Code ZIP pw:eip

This exploit demonstrates a memory corruption vulnerability in Microsoft Office's HtmlDlgHelper class, which can lead to remote code execution when a malicious .XLS or .DOC file is opened. The vulnerability is triggered by instantiating the 'HtmlDlgHelper Class Object' in an Office document, leading to uninitialized memory access in 'mshtmled.dll'.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Office (Excel 2002/2003), Internet Explorer (mshtmled.dll v7.0.6000.17023, v7.0.6000.17080, v8.0.6001.18000, v8.0.6001.18702)

No auth needed

Prerequisites: User interaction required to open a malicious .XLS or .DOC file

MITRE ATT&CK