Microsoft released a patch for CVE-2010-0490. More than 1 year ago I reported this issue to Microsoft.
Finally they fixed the problem.
Bug History:
5-February-2009 – Bug reported to Microsoft Security Response Center
30-March-2010 – Patch for CVE-2010-0490 released