Threat Intelligence / CVE / CVE-2010-0806
CVE-2010-0806
CISA KEVRansomwareUse-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Threats tracking this CVE
References
- http://osvdb.org/62810
- http://www.us-cert.gov/cas/techalerts/TA10-089A.html
- http://www.securityfocus.com/bid/38615
- http://www.vupen.com/english/advisories/2010/0567
- http://secunia.com/advisories/38860
- http://www.us-cert.gov/cas/techalerts/TA10-068A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
- http://www.microsoft.com/technet/security/advisory/981374.mspx
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56772
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446
- http://www.vupen.com/english/advisories/2010/0744
- http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
Full detection coverage & IOCs for threats exploiting CVE-2010-0806 are available via the Threadlinqs MCP server (Purple tier). View plans →