CVE-2010-0806
published 2010-03-10CVE-2010-0806: Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute…
PriorityP185high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2026-06-03
Exploited in the wild
EPSS
82.17%
99.6th percentile
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target IE versions are 6 and 7 only; IE 8 and IE 5 are not affected. Inspect User-Agent strings for MSIE 6.0 or MSIE 7.0 in requests to detect exploitation attempts. ↗
- →Exploit delivery uses heap spray with NOP sled targeting address 0x0C0C0C0C; monitor for large JavaScript array allocations filling memory with repeated 0x0C0C0C0C patterns. ↗
- →Exploit HTML pages use DHTML behaviors (e.g., userData behavior via 'behavior: url(#default#userData)') combined with setAttribute to trigger the use-after-free; detect HTML responses containing this behavior pattern delivered to IE 6/7 clients. ↗
- →Attackers combine CVE-2010-0806 and CVE-2010-3962 exploits into a single HTML/JS file to increase success rate against IE 6 and 7; look for pages serving both exploit patterns together. ↗
- →Exploit payload uses JavaScript variable name randomization and obfuscation; detect unescape() heap spray patterns in JavaScript delivered to IE clients as a behavioral indicator. ↗
- →Hosting multiple malicious domains on a single IP is a noted attacker TTP; pivot on the IP of dxcdfghg.com to identify co-hosted malicious infrastructure. ↗
- ·The Metasploit module uses randomized JavaScript variable names on every request, making static string-based signatures unreliable; behavioral or heuristic detection is required. ↗
- ·The exploit targets only Windows platforms; the Metasploit module's platform is set to 'win', so non-Windows IE clients are not at risk. ↗
- ·Payload bad characters include null bytes and common whitespace/quote characters, meaning encoded shellcode will never contain these bytes; signature rules must account for encoded (unescape'd) shellcode format. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Internet Explorer 6/7 resource management (VU#744549 / Nessus ID 800176)
vuldb·2026-05-20·CVSS 8.8
CVE-2010-0806 [HIGH] Microsoft Internet Explorer 6/7 resource management (VU#744549 / Nessus ID 800176)
A vulnerability, which was classified as very critical, was found in Microsoft Internet Explorer 6/7. This impacts an unknown function. Executing a manipulation can lead to improper resource management.
This vulnerability is registered as CVE-2010-0806. It is possible to launch the attack remotely. Furthermore, an exploit is available.
You should upgrade the affected component.
GHSA
GHSA-f5rx-x946-jm33: Use-after-free vulnerability in the Peer Objects component (aka iepeers
ghsa_unreviewed·2022-05-02
CVE-2010-0806 [HIGH] GHSA-f5rx-x946-jm33: Use-after-free vulnerability in the Peer Objects component (aka iepeers
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
VulnCheck
Microsoft Internet Explorer iepeers.dll Uninitialized Memory Corruption
vulncheck·2010·CVSS 9.3
CVE-2010-0806 [CRITICAL] Microsoft Internet Explorer iepeers.dll Uninitialized Memory Corruption
Microsoft Internet Explorer iepeers.dll Uninitialized Memory Corruption
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
Affected: Microsoft Internet Explorer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2010-0806; https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/; https:
CISA
Microsoft Internet Explorer Use-After-Free Vulnerability
cisa·2026-05-20·CVSS 8.8
CVE-2010-0806 [HIGH] CWE-399 Microsoft Internet Explorer Use-After-Free Vulnerability
Vulnerability: Microsoft Internet Explorer Use-After-Free Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806
Remediation Due Date: 2026-06
No detection rules found.
Exploit-DB
Microsoft Internet Explorer - DHTML Behaviour Use-After-Free (MS10-018) (Metasploit)
exploitdb·2010-12-14
CVE-2010-0806 Microsoft Internet Explorer - DHTML Behaviour Use-After-Free (MS10-018) (Metasploit)
Microsoft Internet Explorer - DHTML Behaviour Use-After-Free (MS10-018) (Metasploit)
---
##
# $Id: ms10_018_ie_behaviors.rb 11333 2010-12-14 18:53:22Z egypt $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
##
# originally ie_iepeers_pointer.rb
#
# Microsoft Internet Explorer iepeers.dll use-after-free exploit for the Metasploit Framework
#
# Tested successfully on the following platforms:
# - Microsoft Internet Explorer 7, Windows Vista SP2
# - Microsoft Internet Explorer 7, Windows XP SP3
# - Microsoft Internet Explorer 6, Windows XP SP3
#
# Exploit found in-the-wild. For addi
Exploit-DB
Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free (Metasploit)
exploitdb·2010-03-10
CVE-2010-0806 Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free (Metasploit)
Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free (Metasploit)
---
##
# ie_iepeers_pointer.rb
#
# Microsoft Internet Explorer iepeers.dll use-after-free exploit for the Metasploit Framework
#
# Tested successfully on the following platforms:
# - Microsoft Internet Explorer 7, Windows Vista SP2
# - Microsoft Internet Explorer 7, Windows XP SP3
# - Microsoft Internet Explorer 6, Windows XP SP3
#
# Exploit found in-the-wild. For additional details:
# http://www.rec-sec.com/2010/03/10/internet-explorer-iepeers-use-after-free-exploit/
#
# Trancer
# http://www.rec-sec.com
##
require 'msf/core'
class Metasploit3 'Microsoft Internet Explorer iepeers.dll use-after-free',
'Description' => %q{
This module exploits a use-after-free vulnerability within iepeers.dll of
Microsoft Internet Ex
Metasploit
MS10-018 Microsoft Internet Explorer DHTML Behaviors Use After Free
metasploit
MS10-018 Microsoft Internet Explorer DHTML Behaviors Use After Free
MS10-018 Microsoft Internet Explorer DHTML Behaviors Use After Free
This module exploits a use-after-free vulnerability within the DHTML behaviors functionality of Microsoft Internet Explorer versions 6 and 7. This bug was discovered being used in-the-wild and was previously known as the "iepeers" vulnerability. The name comes from Microsoft's suggested workaround to block access to the iepeers.dll file. According to Nico Waisman, "The bug itself is when trying to persist an object using the setAttribute, which end up calling VariantChangeTypeEx with both the source and the destination being the same variant. So if you send as a variant an IDISPATCH the algorithm will try to do a VariantClear of the destination before using it. This will end up on a call to PlainRelease which deref the re
Hackernews
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
blogs_hackernews·2026-05-21·CVSS 7.8
CVE-2026-41091 [HIGH] Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild.
The former, tracked as CVE-2026-41091 , is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges.
"Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally," Microsoft said in an advisory.
The second vulnerability under exploitation is CVE-2026-45498 (CVSS score:
Unit42
Web-Based Threats: First Half 2019
blogs_unit42·2019-11-01
Web-Based Threats: First Half 2019
Threat Research Center
Trend Reports
Malware
## Web-Based Threats: First Half 2019
Fang Liu
Tao Yan
Jin Chen
Rongbo Shao
Zhanglin He
Bo Qu
Published: November 1, 2019
Malware
Trend Reports
Vulnerabilities
ELink
Exploit Kits
Malicious Domains
Malicious URL
Phishing
## Executive Summary
Our Unit 42 research team routinely evaluates the data from our Email Link Analysis (ELINK) system . In examining the data we collect, which includes URLs extracted from emails or submitted by API, we can identify patterns and trends which helps us discern prevalent web threats. This blog is the fifth installment in a series of posts tracking web-based threats over time, specifically, statistics pertaining to malicious URLs, domains, exploit kits, vulnerabilities, and phishing scams.
Unit42
Web-Based Threats: First Half 2019
blogs_unit42·2019-11-01
Web-Based Threats: First Half 2019
# Executive Summary
Our Unit 42 research team routinely evaluates the data from our Email Link Analysis (ELINK) system. In examining the data we collect, which includes URLs extracted from emails or submitted by API, we can identify patterns and trends which helps us discern prevalent web threats. This blog is the fifth installment in a series of posts tracking web-based threats over time, specifically, statistics pertaining to malicious URLs, domains, exploit kits, vulnerabilities, and phishing scams.
We observed a significant decrease in the activity of the Fallout exploit kit in the first quarter of 2019 while at the same time observing an increase in activity of the Kaixin exploit kit in the second quarter. Kaixin is primarily observed hosted in China and with the increased popularit
Unit42
Web-based Threats-2018 Q3: Malicious URLs and Domains take a Dip
blogs_unit42·2018-12-27·CVSS 9.8
[CRITICAL] Web-based Threats-2018 Q3: Malicious URLs and Domains take a Dip
# Executive Summary
Our Email Link Analysis (ELINK) system is routinely reviewed by our Unit 42 research team. In examining the data it collects, patterns and trends are discovered which helps us discern prevalent web threats. This blog is the third (3rd quarter of 2018) in a series of posts tracking web-based threats throughout the year, specifically statistics pertaining to malicious URLs, domains, exploit kits, and CVEs.
During Quarter 3 (Q3), July – September, a notable shift occurred with the malicious URL and domain data; there was a significant drop in the number of malicious URLs as well as a drop in malicious domains that will be discussed below. In addition, we will be covering an interesting malicious Flash SWF that exploits CVE-2015-5119.
# URLs
Based on our analysis of dat
Unit42
Web-based Threats-2018 Q3: Malicious URLs and Domains take a Dip
blogs_unit42·2018-12-27·CVSS 9.8
CVE-2015-5119 [CRITICAL] Web-based Threats-2018 Q3: Malicious URLs and Domains take a Dip
Threat Research Center
Trend Reports
Malware
## Web-based Threats-2018 Q3: Malicious URLs and Domains take a Dip
Bo Qu
Tao Yan
Rongbo Shao
Zhanglin He
Xingyu Jin
Published: December 27, 2018
Malware
Trend Reports
Vulnerabilities
CVE-2015-5119
ELink
## Executive Summary
Our Email Link Analysis (ELINK) system is routinely reviewed by our Unit 42 research team. In examining the data it collects, patterns and trends are discovered which helps us discern prevalent web threats. This blog is the third (3rd quarter of 2018) in a series of posts tracking web-based threats throughout the year, specifically statistics pertaining to malicious URLs, domains, exploit kits, and CVEs.
During Quarter 3 (Q3), July – September, a notable shift occurred with the malicious URL and domain d
Qualys
US-CERT: Top 30 Vulnerabilities | Qualys
blogs_qualys·2015-05-01·CVSS 2.6
[LOW] US-CERT: Top 30 Vulnerabilities | Qualys
On April 29, 2015 US-CERT published TA15-119A which describes the Top 30 vulnerabilities that critical infrastructure organizations should focus on because they are under attack all the time. The list contains Windows, Internet Explorer, Adobe Software from Reader, Flash to Cold Fusion, Java from Oracle and others and is quite similar to the more generic set of software packages published by the German BSI last December.
Here is a list of the vulnerabilities in the advisory. I have reordered and optimized where possible for efficient scanning with Qualys, for example listing the most recent patch first to take advantage of superseding patches:
- Windows: MS14-060 for CVE-2014-4114, Qualys ID: 90979
- Internet Explorer: MS14-021 for CVE-2014-1776, Qualys ID: 100191
- MS14-012 for CVE-201
Qualys
US-CERT: Top 30 Vulnerabilities | Qualys
blogs_qualys·2015-05-01·CVSS 2.6
[LOW] US-CERT: Top 30 Vulnerabilities | Qualys
On April 29, 2015 US-CERT published TA15-119A which describes the Top 30 vulnerabilities that critical infrastructure organizations should focus on because they are under attack all the time. The list contains Windows, Internet Explorer, Adobe Software from Reader, Flash to Cold Fusion, Java from Oracle and others and is quite similar to the more generic set of software packages published by the German BSI last December.
Here is a list of the vulnerabilities in the advisory. I have reordered and optimized where possible for efficient scanning with Qualys, for example listing the most recent patch first to take advantage of superseding patches:
Windows: MS14-060 for CVE-2014-4114, Qualys ID: 90979
MS14-012 for CVE-2014-0322
MS13-038 for CVE-2013-1347
MS13-008 for CVE-2012-4792
MS10-01
Zscaler
Memory Corruption Vulnerabilities Target IE 6 & 7 | Blog
blogs_zscaler·2011-07-14·CVSS 9.3
[CRITICAL] Memory Corruption Vulnerabilities Target IE 6 & 7 | Blog
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Zscaler
Spike Of "iepeers.dll" Exploits | Zscaler
blogs_zscaler·2010-05-18·CVSS 9.3
[CRITICAL] Spike Of "iepeers.dll" Exploits | Zscaler
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Zscaler
CVE-2010-0806 Exploit In The Wild | Zscaler
blogs_zscaler·2010-04-06·CVSS 9.3
[CRITICAL] CVE-2010-0806 Exploit In The Wild | Zscaler
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Zscaler
Zscaler protects against Internet Explorer 0day attack | Zscaler
blogs_zscaler
Zscaler protects against Internet Explorer 0day attack | Zscaler
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Zscaler
Zscaler Protects Against IE 0Day Attack | 03-09-2010
blogs_zscaler·CVSS 9.3
[CRITICAL] Zscaler Protects Against IE 0Day Attack | 03-09-2010
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspxhttp://osvdb.org/62810http://secunia.com/advisories/38860http://www.kb.cert.org/vuls/id/744549http://www.microsoft.com/technet/security/advisory/981374.mspxhttp://www.securityfocus.com/bid/38615http://www.us-cert.gov/cas/techalerts/TA10-068A.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-089A.htmlhttp://www.vupen.com/english/advisories/2010/0567http://www.vupen.com/english/advisories/2010/0744https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018https://exchange.xforce.ibmcloud.com/vulnerabilities/56772https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspxhttp://osvdb.org/62810http://secunia.com/advisories/38860http://www.kb.cert.org/vuls/id/744549http://www.microsoft.com/technet/security/advisory/981374.mspxhttp://www.securityfocus.com/bid/38615http://www.us-cert.gov/cas/techalerts/TA10-068A.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-089A.htmlhttp://www.vupen.com/english/advisories/2010/0567http://www.vupen.com/english/advisories/2010/0744https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018https://exchange.xforce.ibmcloud.com/vulnerabilities/56772https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806
2010-03-10
Published
2026-05-20
Added to CISA KEV
Exploited in the wild