9.3

CVE-2010-0806

Warnung
Medienbericht
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version5.01
   MicrosoftWindows 2000 Updatesp4
MicrosoftInternet Explorer Version6 Updatesp1
   MicrosoftWindows 2000 Updatesp4
MicrosoftInternet Explorer Version8
   MicrosoftWindows 7 Version- HwPlatformx64
   MicrosoftWindows 7 Version- HwPlatformx86
   MicrosoftWindows Server 2003 Updatesp2
   MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx86
   MicrosoftWindows Server 2008 Versionr2 HwPlatformitanium
   MicrosoftWindows Server 2008 Versionr2 HwPlatformx64
   MicrosoftWindows Vista Updatesp1
   MicrosoftWindows Vista Updatesp2
   MicrosoftWindows Xp Updatesp2
   MicrosoftWindows Xp Updatesp3
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
MicrosoftInternet Explorer Version7
   MicrosoftWindows Server 2003 Updatesp2
   MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformitanium
   MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformitanium
   MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx86
   MicrosoftWindows Vista Updatesp1
   MicrosoftWindows Vista Updatesp2
   MicrosoftWindows Xp Updatesp2
   MicrosoftWindows Xp Updatesp3
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
MicrosoftInternet Explorer Version6
   MicrosoftWindows Server 2003 Updatesp2
   MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformitanium
   MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp3

20.05.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Internet Explorer Use-After-Free Vulnerability

Schwachstelle

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 82.17% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
21.05.2026 14:09
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
21.05.2026 08:24
http://www.us-cert.gov/cas/techalerts/TA10-068A.html
US Government Resource
http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
Broken Link
http://osvdb.org/62810
Broken Link
http://secunia.com/advisories/38860
Vendor Advisory
http://www.kb.cert.org/vuls/id/744549
Patch
US Government Resource
http://www.microsoft.com/technet/security/advisory/981374.mspx
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/38615
Broken Link
http://www.us-cert.gov/cas/techalerts/TA10-089A.html
US Government Resource
http://www.vupen.com/english/advisories/2010/0567
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0744
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56772
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446
Broken Link
https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806
US Government Resource