CVE-2010-0806

Confirmed PUBLISHED

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers...

Microsoft · Internet Explorer

5928 days faster than CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.8 High EPSS 82.2%

At a Glance

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

cisa metasploit microsoft
CVE Published
Mar 10, 2010
Exploitation Reported
Mar 10, 2010
CVSS
8.8 High
EPSS
82.2%
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • MS10-018 docs.microsoft.com · Vendor Advisory https://docs.microsoft.com/en-us/security-updates/securitybulletins/2...
  • TA10-089A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/cas/techalerts/TA10-089A.html
  • 38860 secunia.com · Third-Party Advisory http://secunia.com/advisories/38860
  • TA10-068A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/cas/techalerts/TA10-068A.html
  • VU#744549 kb.cert.org · Third-Party Advisory http://www.kb.cert.org/vuls/id/744549
Show 8 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.