CVE-2010-0806
In short
Internet Explorer versions 6 and 7 have a flaw where deleted objects in memory can still be accessed, allowing attackers to run malicious code through specially crafted web pages.
Technical detail
Use-after-free vulnerability in iepeers.dll allows remote attackers to execute arbitrary code by accessing invalid memory pointers after object deletion. Exploitation requires user interaction (visiting a malicious webpage), and successful exploitation grants code execution with user privileges.
Summary generated and translated by AI from the official description.
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 2
exploitdb: www.exploit-db.com/exploits/11683 (unverified)
exploitdb: www.exploit-db.com/exploits/16590 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
http://osvdb.org/62810
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
http://secunia.com/advisories/38860
https://exchange.xforce.ibmcloud.com/vulnerabilities/56772
https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806
http://www.kb.cert.org/vuls/id/744549
http://www.microsoft.com/technet/security/advisory/981374.mspx
http://www.securityfocus.com/bid/38615
http://www.us-cert.gov/cas/techalerts/TA10-068A.html