High severity8.8CISA KEVNVD Advisory· Published Mar 10, 2010· Updated Jun 16, 2026
CVE-2010-0806
CVE-2010-0806
Description
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
- (no CPE)range: 6, 6 SP1, 7
Patches
Vulnerability mechanics
References
15- www.kb.cert.org/vuls/id/744549nvdPatchUS Government Resource
- www.microsoft.com/technet/security/advisory/981374.mspxnvdBroken LinkPatchVendor Advisory
- secunia.com/advisories/38860nvdVendor Advisory
- www.vupen.com/english/advisories/2010/0567nvdVendor Advisory
- www.vupen.com/english/advisories/2010/0744nvdVendor Advisory
- docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/56772nvdThird Party AdvisoryVDB Entry
- learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018nvdVendor Advisory
- blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspxnvdBroken Link
- osvdb.org/62810nvdBroken Link
- www.securityfocus.com/bid/38615nvdBroken Link
- www.us-cert.gov/cas/techalerts/TA10-068A.htmlnvdUS Government Resource
- www.us-cert.gov/cas/techalerts/TA10-089A.htmlnvdUS Government Resource
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446nvdBroken Link
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
4- Microsoft Warns of Two Actively Exploited Defender VulnerabilitiesThe Hacker News · May 21, 2026
- Microsoft Patches Exploited UnDefend and RedSun Defender Zero-DaysSecurityWeek · May 21, 2026
- Microsoft: 6 Actively-Exploited Flaws Added to CISA KEVVypr Intelligence · May 20, 2026
- CISA Adds Seven Known Exploited Vulnerabilities to CatalogCISA Alerts