CVE-2010-0806

Published Mar 10, 2010

Last updated 4 days ago

Exploit knownCVSS high 8.8
Microsoft Internet Explorer

Overview

AI description

Automated description summarized from trusted sources.

CVE-2010-0806 is a use-after-free vulnerability found in the Peer Objects component (iepeers.dll) of Microsoft Internet Explorer versions 6, 6 SP1, and 7. This flaw allows remote attackers to execute arbitrary code. The vulnerability occurs when an attacker can manipulate the browser to access an invalid pointer after an object has been deleted. This can lead to memory corruption and enable the execution of malicious code. This vulnerability was actively exploited in the wild, notably in March 2010, and was also referred to as an "Uninitialized Memory Corruption Vulnerability."

Description
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
Source
secure@microsoft.com
NVD status
Analyzed
Products
internet_explorer

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
9.3
Impact score
10
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:C/I:C/A:C

Known exploits

Data from CISA

Vulnerability name
Microsoft Internet Explorer Use-After-Free Vulnerability
Exploit added on
May 20, 2026
Exploit action due
Jun 3, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-399
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-416

Social media

Hype score
Not currently trending

  1. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに7件追加。10年以上前のAcrobatのCVE-2009-3459及びMSのCVE-2008-4250、CVE-2009-1537、CVE-2010-0249、CVE-2010-0806、並びに多分RedSunのCVE-2

    @__kokumoto

    20 May 2026

    1211 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    1 Reply

    1 Quote

  2. 🚨 7 new CISA KEV adds today CVE-2026-45498, CVE-2026-41091, CVE-2010-0806, CVE-2010-0249, CVE-2009-3459, CVE-2009-1537, CVE-2008-4250 https://t.co/0StDFCzdCI #boarnet #cybersecurity #cisakev #cve #threatintelligence #malware

    @boarnetio

    20 May 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Evaluator

Comment
Further information on this vulnerability can be found at the following link from Microsoft: http://support.microsoft.com/kb/981374
Impact
-
Solution
-

Configurations

Related CVEs

  1. Microsoft Internet Explorer Remote Code Execution VulnerabilityCVE-2021-27085
  2. Microsoft Internet Explorer Memory Corruption VulnerabilityCVE-2021-26411
  3. <p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>There are multiple ways an attacker could exploit the vulnerability:</p> <ul> <li><p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</p> </li> <li><p>In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.</p> </li> </ul> <p>The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory.</p>CVE-2020-1506
  4. <p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>There are multiple ways an attacker could exploit the vulnerability:</p> <ul> <li><p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</p> </li> <li><p>In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.</p> </li> </ul> <p>The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory.</p>CVE-2020-1012
  5. Microsoft Edge and Internet Explorer Memory Corruption VulnerabilityCVE-2020-0878

References

Sources include official advisories and independent security research.