Vulnerability Details : CVE-2010-0806
Public exploit exists!
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2010-0806
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0806
- 97.31%: probability of exploitation activity in the next 30 days
- ~100%: percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2010-0806
- MS10-018 Microsoft Internet Explorer DHTML Behaviors Use After Free
  Disclosure Date: 2010-03-09
  First seen: 2020-04-26
  exploit/windows/browser/ms10_018_ie_behaviors
  This module exploits a use-after-free vulnerability within the DHTML behaviors functionality of Microsoft Internet Explorer versions 6 and 7. This bug was discovered being used in-the-wild and was previously known as the "iepeers" vulnerability. The name comes from
CVSS scores for CVE-2010-0806
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2010-0806
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0806
- http://www.microsoft.com/technet/security/advisory/981374.mspx
  (Patch; Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/0567
  (Vendor Advisory)
- http://www.us-cert.gov/cas/techalerts/TA10-068A.html
  Microsoft Updates for Multiple Vulnerabilities | CISA (US Government Resource)
- http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56772
  Microsoft Internet Explorer use-after-free code execution CVE-2010-0806 Vulnerability Report
- http://www.vupen.com/english/advisories/2010/0744
  (Vendor Advisory)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
  Microsoft Security Bulletin MS10-018 - Critical | Microsoft Docs
- http://www.kb.cert.org/vuls/id/744549
  VU#744549 - Microsoft Internet Explorer iepeers.dll use-after-free vulnerability (Patch; US Government Resource)
- http://osvdb.org/62810
- http://www.securityfocus.com/bid/38615
  Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability
- http://www.us-cert.gov/cas/techalerts/TA10-089A.html
  Microsoft Internet Explorer Vulnerabilities | CISA (US Government Resource)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446
- http://secunia.com/advisories/38860
  (Vendor Advisory)