Vulnerability-Lookup

CVE-2010-0806 (GCVE-0-2010-0806)

Vulnerability from cvelistv5 – Published: 2010-03-10 22:00 – Updated: 2026-05-21 03:55

CISA KEV

Summary

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

microsoft

References

13 references

URL	Tags
http://osvdb.org/62810	vdb-entryx_refsource_OSVDB
http://www.us-cert.gov/cas/techalerts/TA10-089A.html	third-party-advisoryx_refsource_CERT
http://www.securityfocus.com/bid/38615	vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2010/0567	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/38860	third-party-advisoryx_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA10-068A.html	third-party-advisoryx_refsource_CERT
https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
http://www.microsoft.com/technet/security/advisor…	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.vupen.com/english/advisories/2010/0744	vdb-entryx_refsource_VUPEN
http://blogs.technet.com/msrc/archive/2010/03/09/…	x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/744549	third-party-advisoryx_refsource_CERT-VN

Date Public

2010-03-09 00:00

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 667c5f76-f163-48a4-8d2e-e0d33895f0f0

Vulnerability ID: CVE-2010-0806

Status: Confirmed

Status Updated: 2026-05-20 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2026-05-20

Asserted: 2026-05-20

Scope

Notes: KEV entry: Microsoft Internet Explorer Use-After-Free Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-06-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-399
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Internet Explorer
Due Date	2026-06-03
Date Added	2026-05-20
Vendorproject	Microsoft
Vulnerabilityname	Microsoft Internet Explorer Use-After-Free Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2010-0806

Created: 2026-05-20 18:00 UTC | Updated: 2026-05-20 18:00 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:39.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "62810",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/62810"
          },
          {
            "name": "TA10-089A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
          },
          {
            "name": "38615",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38615"
          },
          {
            "name": "ADV-2010-0567",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0567"
          },
          {
            "name": "38860",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38860"
          },
          {
            "name": "TA10-068A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
          },
          {
            "name": "MS10-018",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
          },
          {
            "name": "ms-ie-useafterfree-code-execution(56772)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
          },
          {
            "name": "oval:org.mitre.oval:def:8446",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
          },
          {
            "name": "ADV-2010-0744",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0744"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
          },
          {
            "name": "VU#744549",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/744549"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2010-0806",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-05-20",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T03:55:29.109Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory"
            ],
            "url": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-05-20T00:00:00.000Z",
            "value": "CVE-2010-0806 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "62810",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/62810"
        },
        {
          "name": "TA10-089A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
        },
        {
          "name": "38615",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38615"
        },
        {
          "name": "ADV-2010-0567",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0567"
        },
        {
          "name": "38860",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38860"
        },
        {
          "name": "TA10-068A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
        },
        {
          "name": "MS10-018",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
        },
        {
          "name": "ms-ie-useafterfree-code-execution(56772)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
        },
        {
          "name": "oval:org.mitre.oval:def:8446",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
        },
        {
          "name": "ADV-2010-0744",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0744"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
        },
        {
          "name": "VU#744549",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/744549"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-0806",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "62810",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/62810"
            },
            {
              "name": "TA10-089A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
            },
            {
              "name": "38615",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38615"
            },
            {
              "name": "ADV-2010-0567",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0567"
            },
            {
              "name": "38860",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38860"
            },
            {
              "name": "TA10-068A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
            },
            {
              "name": "MS10-018",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/981374.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
            },
            {
              "name": "ms-ie-useafterfree-code-execution(56772)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
            },
            {
              "name": "oval:org.mitre.oval:def:8446",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
            },
            {
              "name": "ADV-2010-0744",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0744"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
            },
            {
              "name": "VU#744549",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/744549"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-0806",
    "datePublished": "2010-03-10T22:00:00.000Z",
    "dateReserved": "2010-03-02T00:00:00.000Z",
    "dateUpdated": "2026-05-21T03:55:29.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2010-0806",
      "cwes": "[\"CWE-399\"]",
      "dateAdded": "2026-05-20",
      "dueDate": "2026-06-03",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806",
      "product": "Internet Explorer",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Internet Explorer Use-After-Free Vulnerability"
    },
    "epss": {
      "cve": "CVE-2010-0806",
      "date": "2026-05-28",
      "epss": "0.87253",
      "percentile": "0.99466"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A33FA7F-BB2A-4C66-B608-72997A2BD1DB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"F7EFB032-47F4-4497-B16B-CB9126EAC9DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A33FA7F-BB2A-4C66-B608-72997A2BD1DB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7F6EA111-A4E6-4963-A0C8-F9336C605B6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*\", \"matchCriteriaId\": \"9CFB1A97-8042-4497-A45D-C014B5E240AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"7F9C7616-658D-409D-8B53-AC00DC55602A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*\", \"matchCriteriaId\": \"B8A32637-65EC-42C4-A892-0E599562527C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7AE15F6C-80F6-43A6-86DA-B92116A697A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"2C9B0563-D613-497D-8F2E-515E6DA00CA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3852BB02-47A1-40B3-8E32-8D8891A53114\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A0D2704-C058-420B-B368-372D1129E914\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2978BF86-5A1A-438E-B81F-F360D0E30C9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"F7EFB032-47F4-4497-B16B-CB9126EAC9DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \\\"Uninitialized Memory Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad de Uso de la Memoria Previamente Liberada en el componente Peer Objects (tambi\\u00e9n se conoce como iepeers.dll) en Microsoft Internet Explorer versiones 6, 6 SP1 y 7 permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario por medio de vectores que implican el acceso a un puntero no v\\u00e1lido luego de la eliminaci\\u00f3n de un objeto, tal y como se explot\\u00f3 \\\"in the wild\\\" en marzo de 2010, tambi\\u00e9n se conoce como \\\"Uninitialized Memory Corruption Vulnerability\\\".\"}]",
      "evaluatorComment": "Further information on this vulnerability can be found at the following link from Microsoft:\r\n\r\nhttp://support.microsoft.com/kb/981374",
      "id": "CVE-2010-0806",
      "lastModified": "2024-11-21T01:13:00.167",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-03-10T22:30:01.323",
      "references": "[{\"url\": \"http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://osvdb.org/62810\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/38860\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/744549\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/981374.mspx\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/38615\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-068A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-089A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0567\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0744\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/56772\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/62810\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38860\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/744549\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/981374.mspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/38615\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-068A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-089A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0567\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0744\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/56772\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0806\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2010-03-10T22:30:01.323\",\"lastModified\":\"2026-05-21T12:57:10.303\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \\\"Uninitialized Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de Uso de la Memoria Previamente Liberada en el componente Peer Objects (tambi\u00e9n se conoce como iepeers.dll) en Microsoft Internet Explorer versiones 6, 6 SP1 y 7 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores que implican el acceso a un puntero no v\u00e1lido luego de la eliminaci\u00f3n de un objeto, tal y como se explot\u00f3 \\\"in the wild\\\" en marzo de 2010, tambi\u00e9n se conoce como \\\"Uninitialized Memory Corruption Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2026-05-20\",\"cisaActionDue\":\"2026-06-03\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Microsoft Internet Explorer Use-After-Free Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6219D36E-9E2C-4DC7-8FD5-FAD144A333F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47247A3-7CD7-4D67-9D9B-A94A504DA1BE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52E757F-9B41-43B4-9D67-3FEDACA71283\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"FE52F111-C761-4011-9AC4-8B9C0E9357D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"4B2C1DB8-97B9-4D44-906C-3EFA100B01CC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"A7371547-290D-4D0D-B98D-CA28B4D2E8B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"2127D10C-B6F3-4C1D-B9AA-5D78513CC996\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*\",\"matchCriteriaId\":\"AB425562-C0A0-452E-AABE-F70522F15E1A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"B20DD263-5A62-4CB1-BD47-D1F9A6C67E08\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"B7674920-AE12-4A25-BE57-34AEDDA74D76\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*\",\"matchCriteriaId\":\"C6109348-BC79-4ED3-8D41-EA546A540C79\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A33FA7F-BB2A-4C66-B608-72997A2BD1DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"9F98AE07-3995-4501-9804-FEA5A87ADFAD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"A7371547-290D-4D0D-B98D-CA28B4D2E8B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"FFFD8C6B-7A46-484C-8701-81D58AB1C2CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"2127D10C-B6F3-4C1D-B9AA-5D78513CC996\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*\",\"matchCriteriaId\":\"AB425562-C0A0-452E-AABE-F70522F15E1A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*\",\"matchCriteriaId\":\"C6109348-BC79-4ED3-8D41-EA546A540C79\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"9F98AE07-3995-4501-9804-FEA5A87ADFAD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"A7371547-290D-4D0D-B98D-CA28B4D2E8B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*\",\"matchCriteriaId\":\"C6109348-BC79-4ED3-8D41-EA546A540C79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://osvdb.org/62810\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/38860\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/744549\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/981374.mspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/38615\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-068A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-089A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0567\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0744\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56772\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://osvdb.org/62810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/38860\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/744549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/981374.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/38615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-068A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-089A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0567\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56772\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}],\"evaluatorComment\":\"Further information on this vulnerability can be found at the following link from Microsoft:\\r\\n\\r\\nhttp://support.microsoft.com/kb/981374\"}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://osvdb.org/62810\", \"name\": \"62810\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-089A.html\", \"name\": \"TA10-089A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/38615\", \"name\": \"38615\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0567\", \"name\": \"ADV-2010-0567\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/38860\", \"name\": \"38860\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-068A.html\", \"name\": \"TA10-068A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018\", \"name\": \"MS10-018\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/981374.mspx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/56772\", \"name\": \"ms-ie-useafterfree-code-execution(56772)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446\", \"name\": \"oval:org.mitre.oval:def:8446\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0744\", \"name\": \"ADV-2010-0744\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/744549\", \"name\": \"VU#744549\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T00:59:39.106Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2010-0806\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-20T17:14:10.278435Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-05-20\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806\"}}}], \"references\": [{\"url\": \"https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-20T13:58:54.453Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-20T00:00:00.000Z\", \"value\": \"CVE-2010-0806 added to CISA KEV\"}]}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2010-03-09T00:00:00.000Z\", \"references\": [{\"url\": \"http://osvdb.org/62810\", \"name\": \"62810\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-089A.html\", \"name\": \"TA10-089A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"http://www.securityfocus.com/bid/38615\", \"name\": \"38615\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0567\", \"name\": \"ADV-2010-0567\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://secunia.com/advisories/38860\", \"name\": \"38860\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-068A.html\", \"name\": \"TA10-068A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018\", \"name\": \"MS10-018\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/981374.mspx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/56772\", \"name\": \"ms-ie-useafterfree-code-execution(56772)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446\", \"name\": \"oval:org.mitre.oval:def:8446\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0744\", \"name\": \"ADV-2010-0744\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/744549\", \"name\": \"VU#744549\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \\\"Uninitialized Memory Corruption Vulnerability.\\\"\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2018-10-12T19:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://osvdb.org/62810\", \"name\": \"62810\", \"refsource\": \"OSVDB\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-089A.html\", \"name\": \"TA10-089A\", \"refsource\": \"CERT\"}, {\"url\": \"http://www.securityfocus.com/bid/38615\", \"name\": \"38615\", \"refsource\": \"BID\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0567\", \"name\": \"ADV-2010-0567\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://secunia.com/advisories/38860\", \"name\": \"38860\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-068A.html\", \"name\": \"TA10-068A\", \"refsource\": \"CERT\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018\", \"name\": \"MS10-018\", \"refsource\": \"MS\"}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/981374.mspx\", \"name\": \"http://www.microsoft.com/technet/security/advisory/981374.mspx\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/56772\", \"name\": \"ms-ie-useafterfree-code-execution(56772)\", \"refsource\": \"XF\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446\", \"name\": \"oval:org.mitre.oval:def:8446\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0744\", \"name\": \"ADV-2010-0744\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx\", \"name\": \"http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/744549\", \"name\": \"VU#744549\", \"refsource\": \"CERT-VN\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \\\"Uninitialized Memory Corruption Vulnerability.\\\"\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2010-0806\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@microsoft.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2010-0806\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-21T03:55:29.109Z\", \"dateReserved\": \"2010-03-02T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2010-03-10T22:00:00.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTA-2010-ALE-004

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité dans Microsoft Internet Explorer permet l'exécution de code arbitraire à distance.

L'éditeur a publié un correctif pour remédier à cette vulnérabilité.

Description

Une vulnérabilité a été identifiée dans Microsoft Internet Explorer. Son exploitation permet l'exécution de code arbitraire à distance en incitant une victime à visiter une page Web spécialement conçue. L'éditeur Microsoft annonce que plusieurs cas d'attaques utilisant cette faille ont été découverts.

Le CERTA rappelle que si la vulnérabilité touche le navigateur Internet Explorer, d'autres vecteurs que des pages internet peuvent être utilisés. Notamment, il est possible d'exploiter cette faille au moyen de documents Microsoft Office spécialement conçus (cf. bulletin d'actualité CERTA-2009-ACT-012).

Contournement provisoire

Le CERTA recommande l'application du contournement suivant, qui consiste à retirer les droits d'accès à la bibliothèque iepeers.dll. Ceci peut avoir des effets de bord sur certaines fonctionnalités étendues de MSHTML (impression, répertoires Web).

Sur les systèmes 32 bits :

Echo y| cacls %WINDIR%\SYSTEM32\iepeers.DLL /E /P "Tout le monde":N

Sur les systèmes 64 bits :

Echo y| cacls %WINDIR%\SYSWOW64\iepeers.DLL /E /P "Tout le monde":N

Pour désactiver ce contournement et autoriser l'accès à cette bibliothèque :

Sur les systèmes 32 bits :

cacls %WINDIR%\SYSTEM32\iepeers.dll /E /R "Tout le monde"

Sur les systèmes 64 bits :

cacls %WINDIR%\SYSWOW64\iepeers.dll /E /R "Tout le monde"

Ce contournement fonctionne pour tous les vecteurs d'attaque (page Web, document Microsoft Office, etc.) et est donc recommandé même si Internet Explorer n'est pas le logiciel par défaut utilisé pour la navigation. L'installation d'Internet Explorer 8 permet également de contourner la vulnérabilité pour tous les vecteurs d'attaque.

Si les contournements précédents s'avèrent inapplicables, il est recommandé de naviguer avec un navigateur alternatif et d'appliquer les contournements spécifiques à l'exploitation de la vulnérabilité via des documents Microsoft Office (cf. bulletin d'actualité CERTA-2009-ACT-012).

Le CERTA rappelle, de plus, qu'il recommandé de naviguer avec un compte utilisateur aux droits restreints et de désactiver l'interprétation de code dynamique (Javascript, ActiveX). De plus, l'activation du DEP (Data Execution Prevention) peut limiter l'impact de cette vulnérabilité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 6 Service Pack 1 ;
Microsoft	N/A	Internet Explorer 6 ;
Microsoft	N/A	Internet Explorer 7.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-018 du 30 mars 2010	None	vendor-advisory
Avis de sécurité Microsoft #981374 du 09 mars 2010	None	vendor-advisory
Avis du CERTA CERTA-2010-AVI-146 du 31 mars 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 6 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2010-03-31",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Microsoft Internet Explorer. Son\nexploitation permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance en\nincitant une victime \u00e0 visiter une page Web sp\u00e9cialement con\u00e7ue.\nL\u0027\u00e9diteur Microsoft annonce que plusieurs cas d\u0027attaques utilisant cette\nfaille ont \u00e9t\u00e9 d\u00e9couverts.\n\nLe CERTA rappelle que si la vuln\u00e9rabilit\u00e9 touche le navigateur Internet\nExplorer, d\u0027autres vecteurs que des pages internet peuvent \u00eatre\nutilis\u00e9s. Notamment, il est possible d\u0027exploiter cette faille au moyen\nde documents Microsoft Office sp\u00e9cialement con\u00e7us (cf. bulletin\nd\u0027actualit\u00e9 CERTA-2009-ACT-012).\n\n## Contournement provisoire\n\nLe CERTA recommande l\u0027application du contournement suivant, qui consiste\n\u00e0 retirer les droits d\u0027acc\u00e8s \u00e0 la biblioth\u00e8que iepeers.dll. Ceci peut\navoir des effets de bord sur certaines fonctionnalit\u00e9s \u00e9tendues de\nMSHTML (impression, r\u00e9pertoires Web).\n\nSur les syst\u00e8mes 32 bits :\n\n    Echo y| cacls %WINDIR%\\SYSTEM32\\iepeers.DLL /E /P \"Tout le monde\":N\n\nSur les syst\u00e8mes 64 bits :\n\n    Echo y| cacls %WINDIR%\\SYSWOW64\\iepeers.DLL /E /P \"Tout le monde\":N\n\nPour d\u00e9sactiver ce contournement et autoriser l\u0027acc\u00e8s \u00e0 cette\nbiblioth\u00e8que :\n\nSur les syst\u00e8mes 32 bits :\n\n    cacls %WINDIR%\\SYSTEM32\\iepeers.dll /E /R \"Tout le monde\"\n\nSur les syst\u00e8mes 64 bits :\n\n    cacls %WINDIR%\\SYSWOW64\\iepeers.dll /E /R \"Tout le monde\"\n\nCe contournement fonctionne pour tous les vecteurs d\u0027attaque (page Web,\ndocument Microsoft Office, etc.) et est donc recommand\u00e9 m\u00eame si Internet\nExplorer n\u0027est pas le logiciel par d\u00e9faut utilis\u00e9 pour la navigation.\nL\u0027installation d\u0027Internet Explorer 8 permet \u00e9galement de contourner la\nvuln\u00e9rabilit\u00e9 pour tous les vecteurs d\u0027attaque.\n\nSi les contournements pr\u00e9c\u00e9dents s\u0027av\u00e8rent inapplicables, il est\nrecommand\u00e9 de naviguer avec un navigateur alternatif et d\u0027appliquer les\ncontournements sp\u00e9cifiques \u00e0 l\u0027exploitation de la vuln\u00e9rabilit\u00e9 via des\ndocuments Microsoft Office (cf. bulletin d\u0027actualit\u00e9\nCERTA-2009-ACT-012).\n\nLe CERTA rappelle, de plus, qu\u0027il recommand\u00e9 de naviguer avec un compte\nutilisateur aux droits restreints et de d\u00e9sactiver l\u0027interpr\u00e9tation de\ncode dynamique (Javascript, ActiveX). De plus, l\u0027activation du DEP (Data\nExecution Prevention) peut limiter l\u0027impact de cette vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0806"
    }
  ],
  "links": [
    {
      "title": "Avis du CERTA CERTA-2010-AVI-146 du 31 mars 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-146/"
    }
  ],
  "reference": "CERTA-2010-ALE-004",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-10T00:00:00.000000"
    },
    {
      "description": "publication du correctif.",
      "revision_date": "2010-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Microsoft Internet Explorer permet l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur a publi\u00e9 un correctif pour rem\u00e9dier \u00e0 cette vuln\u00e9rabilit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-018 du 30 mars 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft #981374 du 09 mars 2010",
      "url": "http://www.microsoft.com/france/technet/security/advisory/981374.mspx"
    }
  ]
}

CERTA-2010-ALE-004

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité dans Microsoft Internet Explorer permet l'exécution de code arbitraire à distance.

L'éditeur a publié un correctif pour remédier à cette vulnérabilité.

Description

Contournement provisoire

Sur les systèmes 32 bits :

Echo y| cacls %WINDIR%\SYSTEM32\iepeers.DLL /E /P "Tout le monde":N

Sur les systèmes 64 bits :

Echo y| cacls %WINDIR%\SYSWOW64\iepeers.DLL /E /P "Tout le monde":N

Pour désactiver ce contournement et autoriser l'accès à cette bibliothèque :

Sur les systèmes 32 bits :

cacls %WINDIR%\SYSTEM32\iepeers.dll /E /R "Tout le monde"

Sur les systèmes 64 bits :

cacls %WINDIR%\SYSWOW64\iepeers.dll /E /R "Tout le monde"

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 6 Service Pack 1 ;
Microsoft	N/A	Internet Explorer 6 ;
Microsoft	N/A	Internet Explorer 7.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-018 du 30 mars 2010	None	vendor-advisory
Avis de sécurité Microsoft #981374 du 09 mars 2010	None	vendor-advisory
Avis du CERTA CERTA-2010-AVI-146 du 31 mars 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 6 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2010-03-31",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Microsoft Internet Explorer. Son\nexploitation permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance en\nincitant une victime \u00e0 visiter une page Web sp\u00e9cialement con\u00e7ue.\nL\u0027\u00e9diteur Microsoft annonce que plusieurs cas d\u0027attaques utilisant cette\nfaille ont \u00e9t\u00e9 d\u00e9couverts.\n\nLe CERTA rappelle que si la vuln\u00e9rabilit\u00e9 touche le navigateur Internet\nExplorer, d\u0027autres vecteurs que des pages internet peuvent \u00eatre\nutilis\u00e9s. Notamment, il est possible d\u0027exploiter cette faille au moyen\nde documents Microsoft Office sp\u00e9cialement con\u00e7us (cf. bulletin\nd\u0027actualit\u00e9 CERTA-2009-ACT-012).\n\n## Contournement provisoire\n\nLe CERTA recommande l\u0027application du contournement suivant, qui consiste\n\u00e0 retirer les droits d\u0027acc\u00e8s \u00e0 la biblioth\u00e8que iepeers.dll. Ceci peut\navoir des effets de bord sur certaines fonctionnalit\u00e9s \u00e9tendues de\nMSHTML (impression, r\u00e9pertoires Web).\n\nSur les syst\u00e8mes 32 bits :\n\n    Echo y| cacls %WINDIR%\\SYSTEM32\\iepeers.DLL /E /P \"Tout le monde\":N\n\nSur les syst\u00e8mes 64 bits :\n\n    Echo y| cacls %WINDIR%\\SYSWOW64\\iepeers.DLL /E /P \"Tout le monde\":N\n\nPour d\u00e9sactiver ce contournement et autoriser l\u0027acc\u00e8s \u00e0 cette\nbiblioth\u00e8que :\n\nSur les syst\u00e8mes 32 bits :\n\n    cacls %WINDIR%\\SYSTEM32\\iepeers.dll /E /R \"Tout le monde\"\n\nSur les syst\u00e8mes 64 bits :\n\n    cacls %WINDIR%\\SYSWOW64\\iepeers.dll /E /R \"Tout le monde\"\n\nCe contournement fonctionne pour tous les vecteurs d\u0027attaque (page Web,\ndocument Microsoft Office, etc.) et est donc recommand\u00e9 m\u00eame si Internet\nExplorer n\u0027est pas le logiciel par d\u00e9faut utilis\u00e9 pour la navigation.\nL\u0027installation d\u0027Internet Explorer 8 permet \u00e9galement de contourner la\nvuln\u00e9rabilit\u00e9 pour tous les vecteurs d\u0027attaque.\n\nSi les contournements pr\u00e9c\u00e9dents s\u0027av\u00e8rent inapplicables, il est\nrecommand\u00e9 de naviguer avec un navigateur alternatif et d\u0027appliquer les\ncontournements sp\u00e9cifiques \u00e0 l\u0027exploitation de la vuln\u00e9rabilit\u00e9 via des\ndocuments Microsoft Office (cf. bulletin d\u0027actualit\u00e9\nCERTA-2009-ACT-012).\n\nLe CERTA rappelle, de plus, qu\u0027il recommand\u00e9 de naviguer avec un compte\nutilisateur aux droits restreints et de d\u00e9sactiver l\u0027interpr\u00e9tation de\ncode dynamique (Javascript, ActiveX). De plus, l\u0027activation du DEP (Data\nExecution Prevention) peut limiter l\u0027impact de cette vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0806"
    }
  ],
  "links": [
    {
      "title": "Avis du CERTA CERTA-2010-AVI-146 du 31 mars 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-146/"
    }
  ],
  "reference": "CERTA-2010-ALE-004",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-10T00:00:00.000000"
    },
    {
      "description": "publication du correctif.",
      "revision_date": "2010-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Microsoft Internet Explorer permet l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur a publi\u00e9 un correctif pour rem\u00e9dier \u00e0 cette vuln\u00e9rabilit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-018 du 30 mars 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft #981374 du 09 mars 2010",
      "url": "http://www.microsoft.com/france/technet/security/advisory/981374.mspx"
    }
  ]
}

CERTA-2010-AVI-146

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités affectent Microsoft Internet Explorer et pemettent d'exécuter du code arbitraire à distance ou d'accéder à des données sensibles.

Description

Plusieurs vulnérabilités affectant Microsoft Internet Explorer ont été publiées. Leur exploitation permet d'exécuter du code arbitraire à distance ou d'accéder à des données sensibles.

Toutes les vulnérabilités n'affectent pas toutes les versions, et une même vulnérabilité peut avoir un impact différent selon les versions du logiciel.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Le correctif remédie à la vulnérabilité décrite dans l'alerte du CERTA CERTA-2010-ALE-004.

Microsoft Internet Explorer, toutes les versions.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-018 du 30 mars 2010	None	vendor-advisory
Alerte du CERTA CERTA-2010-ALE-004 du 31 mars 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eMicrosoft Internet Explorer, toutes les  versions.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectant Microsoft Internet Explorer ont \u00e9t\u00e9\npubli\u00e9es. Leur exploitation permet d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance ou d\u0027acc\u00e9der \u00e0 des donn\u00e9es sensibles.\n\nToutes les vuln\u00e9rabilit\u00e9s n\u0027affectent pas toutes les versions, et une\nm\u00eame vuln\u00e9rabilit\u00e9 peut avoir un impact diff\u00e9rent selon les versions du\nlogiciel.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nLe correctif rem\u00e9die \u00e0 la vuln\u00e9rabilit\u00e9 d\u00e9crite dans l\u0027alerte du CERTA\nCERTA-2010-ALE-004.\n",
  "cves": [
    {
      "name": "CVE-2010-0806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0806"
    },
    {
      "name": "CVE-2010-0267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0267"
    },
    {
      "name": "CVE-2010-0491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0491"
    },
    {
      "name": "CVE-2010-0488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0488"
    },
    {
      "name": "CVE-2010-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0492"
    },
    {
      "name": "CVE-2010-0805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0805"
    },
    {
      "name": "CVE-2010-0490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0490"
    },
    {
      "name": "CVE-2010-0489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0489"
    },
    {
      "name": "CVE-2010-0807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0807"
    },
    {
      "name": "CVE-2010-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0494"
    }
  ],
  "links": [
    {
      "title": "Alerte du CERTA CERTA-2010-ALE-004 du 31 mars 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-004/"
    }
  ],
  "reference": "CERTA-2010-AVI-146",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent Microsoft Internet Explorer et\npemettent d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ou d\u0027acc\u00e9der \u00e0 des\ndonn\u00e9es sensibles.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-018 du 30 mars 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx"
    }
  ]
}

CERTA-2010-AVI-146

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités affectent Microsoft Internet Explorer et pemettent d'exécuter du code arbitraire à distance ou d'accéder à des données sensibles.

Description

Plusieurs vulnérabilités affectant Microsoft Internet Explorer ont été publiées. Leur exploitation permet d'exécuter du code arbitraire à distance ou d'accéder à des données sensibles.

Toutes les vulnérabilités n'affectent pas toutes les versions, et une même vulnérabilité peut avoir un impact différent selon les versions du logiciel.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Le correctif remédie à la vulnérabilité décrite dans l'alerte du CERTA CERTA-2010-ALE-004.

Microsoft Internet Explorer, toutes les versions.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-018 du 30 mars 2010	None	vendor-advisory
Alerte du CERTA CERTA-2010-ALE-004 du 31 mars 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eMicrosoft Internet Explorer, toutes les  versions.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectant Microsoft Internet Explorer ont \u00e9t\u00e9\npubli\u00e9es. Leur exploitation permet d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance ou d\u0027acc\u00e9der \u00e0 des donn\u00e9es sensibles.\n\nToutes les vuln\u00e9rabilit\u00e9s n\u0027affectent pas toutes les versions, et une\nm\u00eame vuln\u00e9rabilit\u00e9 peut avoir un impact diff\u00e9rent selon les versions du\nlogiciel.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nLe correctif rem\u00e9die \u00e0 la vuln\u00e9rabilit\u00e9 d\u00e9crite dans l\u0027alerte du CERTA\nCERTA-2010-ALE-004.\n",
  "cves": [
    {
      "name": "CVE-2010-0806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0806"
    },
    {
      "name": "CVE-2010-0267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0267"
    },
    {
      "name": "CVE-2010-0491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0491"
    },
    {
      "name": "CVE-2010-0488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0488"
    },
    {
      "name": "CVE-2010-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0492"
    },
    {
      "name": "CVE-2010-0805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0805"
    },
    {
      "name": "CVE-2010-0490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0490"
    },
    {
      "name": "CVE-2010-0489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0489"
    },
    {
      "name": "CVE-2010-0807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0807"
    },
    {
      "name": "CVE-2010-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0494"
    }
  ],
  "links": [
    {
      "title": "Alerte du CERTA CERTA-2010-ALE-004 du 31 mars 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-004/"
    }
  ],
  "reference": "CERTA-2010-AVI-146",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent Microsoft Internet Explorer et\npemettent d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ou d\u0027acc\u00e9der \u00e0 des\ndonn\u00e9es sensibles.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-018 du 30 mars 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx"
    }
  ]
}

FKIE_CVE-2010-0806

Vulnerability from fkie_nvd - Published: 2010-03-10 22:30 - Updated: 2026-05-21 12:57

CISA KEV

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx	Broken Link
secure@microsoft.com	http://osvdb.org/62810	Broken Link
secure@microsoft.com	http://secunia.com/advisories/38860	Vendor Advisory
secure@microsoft.com	http://www.kb.cert.org/vuls/id/744549	Patch, US Government Resource
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/981374.mspx	Patch, Vendor Advisory, Broken Link
secure@microsoft.com	http://www.securityfocus.com/bid/38615	Broken Link
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-068A.html	US Government Resource
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-089A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2010/0567	Vendor Advisory
secure@microsoft.com	http://www.vupen.com/english/advisories/2010/0744	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018	Vendor Advisory
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/56772	Third Party Advisory, VDB Entry
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/62810	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38860	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/744549	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/981374.mspx	Patch, Vendor Advisory, Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/38615	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-068A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-089A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0567	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0744	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/56772	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446	Broken Link
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806	US Government Resource

Impacted products

Vendor	Product	Version
microsoft	internet_explorer	5.01
microsoft	internet_explorer	6
microsoft	windows_2000	*
microsoft	internet_explorer	8
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_server_2003	*
microsoft	windows_server_2003	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	-
microsoft	internet_explorer	7
microsoft	windows_server_2003	*
microsoft	windows_server_2003	-
microsoft	windows_server_2003	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	-
microsoft	internet_explorer	6
microsoft	windows_server_2003	*
microsoft	windows_server_2003	-
microsoft	windows_server_2003	-
microsoft	windows_xp	-
microsoft	windows_xp	-
microsoft	windows_xp	-

JSON

To clipboard

{
  "cisaActionDue": "2026-06-03",
  "cisaExploitAdd": "2026-05-20",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Microsoft Internet Explorer Use-After-Free Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "FE52F111-C761-4011-9AC4-8B9C0E9357D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "4B2C1DB8-97B9-4D44-906C-3EFA100B01CC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "A7371547-290D-4D0D-B98D-CA28B4D2E8B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
              "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*",
              "matchCriteriaId": "B20DD263-5A62-4CB1-BD47-D1F9A6C67E08",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
              "matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
              "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*",
              "matchCriteriaId": "9F98AE07-3995-4501-9804-FEA5A87ADFAD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "A7371547-290D-4D0D-B98D-CA28B4D2E8B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*",
              "matchCriteriaId": "FFFD8C6B-7A46-484C-8701-81D58AB1C2CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
              "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
              "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*",
              "matchCriteriaId": "9F98AE07-3995-4501-9804-FEA5A87ADFAD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "A7371547-290D-4D0D-B98D-CA28B4D2E8B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
              "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de Uso de la Memoria Previamente Liberada en el componente Peer Objects (tambi\u00e9n se conoce como iepeers.dll) en Microsoft Internet Explorer versiones 6, 6 SP1 y 7 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores que implican el acceso a un puntero no v\u00e1lido luego de la eliminaci\u00f3n de un objeto, tal y como se explot\u00f3 \"in the wild\" en marzo de 2010, tambi\u00e9n se conoce como \"Uninitialized Memory Corruption Vulnerability\"."
    }
  ],
  "evaluatorComment": "Further information on this vulnerability can be found at the following link from Microsoft:\r\n\r\nhttp://support.microsoft.com/kb/981374",
  "id": "CVE-2010-0806",
  "lastModified": "2026-05-21T12:57:10.303",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2010-03-10T22:30:01.323",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/62810"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38860"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/744549"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory",
        "Broken Link"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/38615"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0567"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0744"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/62810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/744549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory",
        "Broken Link"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/38615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-F5RX-X946-JM33

Vulnerability from github – Published: 2022-05-02 06:15 – Updated: 2026-05-20 18:31

Details

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0806"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-10T22:30:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\"",
  "id": "GHSA-f5rx-x946-jm33",
  "modified": "2026-05-20T18:31:28Z",
  "published": "2022-05-02T06:15:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0806"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
    },
    {
      "type": "WEB",
      "url": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/62810"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38860"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/744549"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/38615"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0567"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0744"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2010-0806

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-0806

Aliases

CVE-2010-0806

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0806",
    "description": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\"",
    "id": "GSD-2010-0806",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-0806"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0806"
      ],
      "details": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\"",
      "id": "GSD-2010-0806",
      "modified": "2023-12-13T01:21:29.518713Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2010-0806",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "62810",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/62810"
          },
          {
            "name": "TA10-089A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
          },
          {
            "name": "38615",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/38615"
          },
          {
            "name": "ADV-2010-0567",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0567"
          },
          {
            "name": "38860",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38860"
          },
          {
            "name": "TA10-068A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
          },
          {
            "name": "MS10-018",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/981374.mspx",
            "refsource": "CONFIRM",
            "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
          },
          {
            "name": "ms-ie-useafterfree-code-execution(56772)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
          },
          {
            "name": "oval:org.mitre.oval:def:8446",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
          },
          {
            "name": "ADV-2010-0744",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0744"
          },
          {
            "name": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx",
            "refsource": "CONFIRM",
            "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
          },
          {
            "name": "VU#744549",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/744549"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-0806"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
            },
            {
              "name": "ADV-2010-0567",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0567"
            },
            {
              "name": "38615",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/38615"
            },
            {
              "name": "38860",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38860"
            },
            {
              "name": "VU#744549",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/744549"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/981374.mspx",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
            },
            {
              "name": "62810",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/62810"
            },
            {
              "name": "ADV-2010-0744",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0744"
            },
            {
              "name": "TA10-068A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
            },
            {
              "name": "TA10-089A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
            },
            {
              "name": "ms-ie-useafterfree-code-execution(56772)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
            },
            {
              "name": "oval:org.mitre.oval:def:8446",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
            },
            {
              "name": "MS10-018",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2023-12-07T18:38Z",
      "publishedDate": "2010-03-10T22:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-0806 (GCVE-0-2010-0806)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

CERTA-2010-ALE-004

Description

Contournement provisoire

Solution

CERTA-2010-ALE-004

Description

Contournement provisoire

Solution

CERTA-2010-AVI-146

Description

Solution

CERTA-2010-AVI-146

Description

Solution

FKIE_CVE-2010-0806

GHSA-F5RX-X946-JM33

GSD-2010-0806

Tags

Sightings

Nomenclature