CVE-2010-0806
8.8 HIGHUse-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote...
Published: 2010-03-10 · Last updated: 2026-05-21
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE
- CWE-399, CWE-416
Affected products
| Vendor | Product |
|---|---|
| microsoft | internet_explorer |
Description
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2010-0806
- [Other]http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
- [Other]http://osvdb.org/62810
- [Vendor advisory]http://secunia.com/advisories/38860
- [Patch]http://www.kb.cert.org/vuls/id/744549
- [Patch]http://www.microsoft.com/technet/security/advisory/981374.mspx
- [Other]http://www.securityfocus.com/bid/38615
- [Other]http://www.us-cert.gov/cas/techalerts/TA10-068A.html
- [Other]http://www.us-cert.gov/cas/techalerts/TA10-089A.html
- [Vendor advisory]http://www.vupen.com/english/advisories/2010/0567
- [Vendor advisory]http://www.vupen.com/english/advisories/2010/0744
- [Vendor advisory]https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
- [Other]https://exchange.xforce.ibmcloud.com/vulnerabilities/56772
- [Other]https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446
- [Other]http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
- [Other]http://osvdb.org/62810
- [Vendor advisory]http://secunia.com/advisories/38860
- [Patch]http://www.kb.cert.org/vuls/id/744549
- [Patch]http://www.microsoft.com/technet/security/advisory/981374.mspx
- [Other]http://www.securityfocus.com/bid/38615
- [Other]http://www.us-cert.gov/cas/techalerts/TA10-068A.html
- [Other]http://www.us-cert.gov/cas/techalerts/TA10-089A.html
- [Vendor advisory]http://www.vupen.com/english/advisories/2010/0567
- [Vendor advisory]http://www.vupen.com/english/advisories/2010/0744
- [Vendor advisory]https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
- [Other]https://exchange.xforce.ibmcloud.com/vulnerabilities/56772
- [Other]https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446
- [Vendor advisory]https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
- [Other]https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806
Related CVEs
Same vendor
- CVE-2026-50507 — Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack (6.8 MEDIUM)
- CVE-2026-49160 — Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network (7.5 HIGH)
- CVE-2026-48583 — Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally (7.8 HIGH)
- CVE-2026-48578 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally (7.9 HIGH)
- CVE-2026-48576 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally (7.9 HIGH)
Same CWE
- CVE-2026-53462 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.9 MEDIUM)
- CVE-2026-46523 — ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)
- CVE-2026-52757 — Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable me... (4.4 MEDIUM)
- CVE-2026-49496 — Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when... (6.1 MEDIUM)
- CVE-2026-45782 — Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads