CVE-2010-0806
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- March 02, 2010
- Published Date
- March 10, 2010
- Last Updated
- August 07, 2024
- Vendor
- Microsoft
- Product
- Internet Explorer
- Description
- Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
- Tags
- Exploited in the Wild
- Yes (2010-03-10 22:00:00 UTC) Source
metasploit_scanner
CVSS Scores
CVSS v2.0
9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploit Status
References
http://osvdb.org/62810
http://www.us-cert.gov/cas/techalerts/TA10-089A.html
http://www.securityfocus.com/bid/38615
http://www.vupen.com/english/advisories/2010/0567
http://secunia.com/advisories/38860
http://www.us-cert.gov/cas/techalerts/TA10-068A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
http://www.microsoft.com/technet/security/advisory/981374.mspx
https://exchange.xforce.ibmcloud.com/vulnerabilities/56772
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446
http://www.vupen.com/english/advisories/2010/0744
http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
http://www.kb.cert.org/vuls/id/744549
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CVE | 2010-03-10 22:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb | 2025-04-29 11:01:32 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
ms10_018_ie_behaviors
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-0806
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit