← Back

CVE-2010-0806

nvd nist
Published: Mar 10, 2010Modified: May 21, 2026CISA KEV

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

Affected (5)

Microsoft
1 product
Internet Explorer
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Microsoft
Internet Explorer
Version 5.01
Internet Explorer
Version 6 sp1
Running on/withPlatform Versions
Microsoft
Windows 2000
All versions
Configuration B
1 vulnerable · 4 platform
Vulnerable SoftwareAffected Versions
Internet Explorer
Version 8
Running on/withPlatform Versions
Microsoft
Windows 7
All versions
Microsoft
Windows 7
All versions
Microsoft
Windows Server 2008
Version r2
Microsoft
Windows Server 2008
Version r2
Configuration C
1 vulnerable · 7 platform
Vulnerable SoftwareAffected Versions
Internet Explorer
Version 7
Running on/withPlatform Versions
Microsoft
Windows Server 2008
All versions
Microsoft
Windows Server 2008
All versions
Microsoft
Windows Server 2008
All versions
Microsoft
Windows Vista
All versions
Microsoft
Windows Vista
All versions
Microsoft
Windows Xp
All versions
Microsoft
Windows Xp
All versions
Configuration D
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Internet Explorer
Version 6
Running on/withPlatform Versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Xp
All versions
Microsoft
Windows Xp
All versions
Microsoft
Windows Xp
All versions

Related CWEs

CWE-399
CWE-399
CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (28)

Source: secure@microsoft.com
Broken Link
Source: secure@microsoft.com
Broken Link
Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
PatchUS Government Resource
Source: secure@microsoft.com
PatchVendor AdvisoryBroken Link
Source: secure@microsoft.com
Broken Link
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor AdvisoryBroken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.