Published: 13/10/2010 Updated: 07/12/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote malicious users to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet_explorer 7
microsoft internet_explorer 8

Core Security Technologies - CoreLabs Advisory corelabscoresecuritycom Microsoft Office HtmlDlgHelper class memory corruption 1 *Advisory Information* Title: Microsoft Office HtmlDlgHelper class memory corruption Advisory Id: CORE-2010-0517 Advisory URL: [wwwcoresecuritycom/content/MS-Office-HtmlDlgHelper ...

Core Security Technologies Advisory - Microsoft Windows is prone to a memory corruption vulnerability when instantiating the 'HtmlDlgHelper Class Object' in a Microsoft Office Document (ie: XLS, DOC) The affected vulnerable module is part of Internet Explorer ('mshtmleddll') This vulnerability could be used by a remote attacker to execute arbi ...

CWE-94 http://www.securityfocus.com/bid/43706 http://support.avaya.com/css/P8/documents/100113324 http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7482 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://nvd.nist.gov https://www.exploit-db.com/exploits/15262/

CVE-2010-3329

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect