High severity8.8CISA KEVNVD Advisory· Published Mar 10, 2010· Updated May 20, 2026

CVE-2010-0806

Description

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

Affected products

Microsoft/Internet Explorer2 versions
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
Microsoft/Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Microsoft/Windows Server 20033 versions
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Microsoft/Windows Server 20086 versions
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*+ 5 more
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
Microsoft/Windows Vista4 versions
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
Microsoft/Windows Xp3 versions
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/744549nvdPatchUS Government Resource
www.microsoft.com/technet/security/advisory/981374.mspxnvdPatchVendor Advisory
secunia.com/advisories/38860nvdVendor Advisory
www.vupen.com/english/advisories/2010/0567nvdVendor Advisory
www.vupen.com/english/advisories/2010/0744nvdVendor Advisory
www.us-cert.gov/cas/techalerts/TA10-068A.htmlnvdUS Government Resource
www.us-cert.gov/cas/techalerts/TA10-089A.htmlnvdUS Government Resource
blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspxnvd
osvdb.org/62810nvd
www.securityfocus.com/bid/38615nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018nvd
exchange.xforce.ibmcloud.com/vulnerabilities/56772nvd
learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446nvd
www.cisa.gov/known-exploited-vulnerabilities-catalognvd

News mentions

CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA Alerts

cvss	0.572
epss	0.072
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000