Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2010-0806
PUBLISHEDUse-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers...
5928 days faster than CISA KEV
- Vendor
- Microsoft
- Product
- Internet Explorer
- Published
- Mar 10, 2010
- EPSS
- 87.3% · 99% pctl
Automate this intelligence with the Pro API
Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.
Description
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitation status
Exploited in the wild
Recorded 2010-03-10 22:00:00 UTC · CVE
Proof of concept available
Recorded 2025-04-28 15:02:40 UTC
References
- http://osvdb.org/62810
- http://www.us-cert.gov/cas/techalerts/TA10-089A.html
- http://www.securityfocus.com/bid/38615
- http://www.vupen.com/english/advisories/2010/0567
- http://secunia.com/advisories/38860
- http://www.us-cert.gov/cas/techalerts/TA10-068A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
- http://www.microsoft.com/technet/security/advisory/981374.mspx
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56772
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446
- http://www.vupen.com/english/advisories/2010/0744
- http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
- http://www.kb.cert.org/vuls/id/744549
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CVE First | 2010-03-10 22:00 UTC |
| CISA | 2026-06-02 14:00 UTC |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb | Apr 28, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Proof of Concept Exploit Available
-
Detected by Metasploit
-
KEV confirmed by CISA