⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2010-0806Out-of-bounds Write in Microsoft Internet Explorer

CWE-39917 documents8 sources
Severity
9.3CRITICALNVD
EPSS
89.5%
top 0.45%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedMar 10
Latest updateMay 2

Description

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: www.kb.cert.orgPatch: www.microsoft.comPatch: www.kb.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-f5rx-x946-jm33: Use-after-free vulnerability in the Peer Objects component (aka iepeers2022-05-02
VulnCheck
Microsoft Internet Explorer iepeers.dll Uninitialized Memory Corruption2010

💥Exploits & PoCs

3
Exploit-DB
Microsoft Internet Explorer - DHTML Behaviour Use-After-Free (MS10-018) (Metasploit)2010-12-14
Exploit-DB
Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free (Metasploit)2010-03-10
Metasploit
MS10-018 Microsoft Internet Explorer DHTML Behaviors Use After Free

🕵️Threat Intelligence

11
Unit42
Web-Based Threats: First Half 20192019-11-01
Unit42
Web-Based Threats: First Half 20192019-11-01
Unit42
Web-based Threats-2018 Q3: Malicious URLs and Domains take a Dip2018-12-27
Unit42
Web-based Threats-2018 Q3: Malicious URLs and Domains take a Dip2018-12-27
Qualys
US-CERT: Top 30 Vulnerabilities | Qualys2015-05-01
CVE-2010-0806 — Out-of-bounds Write in Microsoft | cvebase