Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
Published 2010-03-10 22:30:01
Updated 2023-12-07 18:38:57
View at NVD,   CVE.org
Vulnerability category: Memory CorruptionExecute code

Exploit prediction scoring system (EPSS) score for CVE-2010-0806

Probability of exploitation activity in the next 30 days: 97.31%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2010-0806

  • MS10-018 Microsoft Internet Explorer DHTML Behaviors Use After Free
    Disclosure Date: 2010-03-09
    First seen: 2020-04-26
    exploit/windows/browser/ms10_018_ie_behaviors
    This module exploits a use-after-free vulnerability within the DHTML behaviors functionality of Microsoft Internet Explorer versions 6 and 7. This bug was discovered being used in-the-wild and was previously known as the "iepeers" vulnerability. The name comes from

CVSS scores for CVE-2010-0806

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
9.3
HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
NIST

CWE ids for CVE-2010-0806

  • Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0806

Products affected by CVE-2010-0806

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!