Fix Soon

CVE-2010-0806

Remote Code Execution in Microsoft Internet Explorer

Summary

A use-after-free in Internet Explorer's Peer Objects component (iepeers.dll) causes memory corruption when the browser processes specially crafted web content. A remote attacker can host or inject a malicious page and lure a user to visit it; no authentication is required. Successful exploitation runs code as the logged-on user and can fully compromise the machine if that user has administrative rights.

Why Fix Soon?

5/6

No authentication required

Internal deployment

User interaction unknown (assumed none)

Exploitable in default configuration

Active exploitation in the wild

High impact vulnerability

Exploitation Details

Type

RCE (Remote Code Execution)

Is exploitable with default configuration?

Yes

Is authentication needed?

PoC / Exploit

Yes

github.com

Impact

Execute arbitrary code in the logged-on user's context; if the user is an administrator, gain full control of the system.

RCE (Remote Code Execution)

Exploitation Requirements

None — vulnerable in default configuration

Exploitation Process

The attacker prepares a malicious web page or injected web payload that exercises Internet Explorer's vulnerable object-handling code path in iepeers.dll. When the victim visits the page, the browser hits the use-after-free condition, corrupts memory, and transfers execution to attacker-supplied shellcode. In observed attacks, the malicious content was delivered as obfuscated JavaScript and could run immediately when the page loaded.

Detection Resources

Manual Detection

Script Detection

Scanner Detection

Affected Software

Vendor:Microsoft

Product	Affected Versions
Internet Explorer	6 Service Pack 1, 6, and 7

Description

Microsoft web browser used to access websites and render HTML content, including web content embedded in email and Office-style applications.

Deployment:Typically internal

Protocol:HTTP/HTTPS

Ports:80, 443

Affected ComponentPeer Objects component (iepeers.dll) in Internet Explorer, used in the DHTML behaviors / Web Folders printing path.

Peer Objects component (iepeers.dll) in Internet Explorer, used in the DHTML behaviors / Web Folders printing path.

Enterprise Usage

Very Low

Low

Medium

High

Very High

Vendor Size:Big

Vendor Notifications

https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018

Remediation

Workaround

As a temporary mitigation, disable the peer factory class in iepeers.dll by removing its CLSID registry key; Microsoft also documents restricting ACLs on iepeers.dll, enabling DEP in IE7, and raising IE security zones to High.

learn.microsoft.com

Patch

Not available

Update

Install Microsoft's MS10-018 cumulative Internet Explorer security update that fixes CVE-2010-0806 on affected systems.

learn.microsoft.com

Threat Intelligence

EPSS Score89.5%

Probability of exploitation in the next 30 days

EPSS Percentile100%

Worse than 100% of all CVEs

Last updated: Loading...

CISA KEV

Listed

Active Exploitation

Active

learn.microsoft.com

Threat Actors

No known threat actors

Detection Rules

No detection rules available

NVD Data

Published: Loading...Modified: Loading...

Description Summary

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

CVSS Base Score

9.3

Critical

CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Attack Vector (AV)

Physical

Local

Adjacent

Network

Attack Complexity (AC)

High

Low

Privileges Required (PR)

High

Low

None

User Interaction (UI)

Required

None

Scope (S)

Unchanged

Changed

Confidentiality (C)

None

Low

High

Integrity (I)

None

Low

High

Availability (A)

None

Low

High

CWE:—

NVD:CVE-2010-0806

Version From:—

Version Upto:—

Affected Software (CPE) (19)

•cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
•cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*

Sources

Source	Article
learn.microsoft.com	Microsoft Security Advisory 981374
learn.microsoft.com	Microsoft Security Bulletin MS10-018 - Critical
nvd.nist.gov	CVE-2010-0806 Detail
kb.cert.org	VU#744549 - Microsoft Internet Explorer iepeers.dll use-after-free vulnerability
microsoft.com	Exploit:JS/CVE-2010-0806 threat description
zscaler.com	Spike Of "iepeers.dll" Exploits
cisa.gov	Known Exploited Vulnerabilities Catalog
rapid7.com	MS10-018 Microsoft Internet Explorer DHTML Behaviors Use After Free

Priority History

Fix SoonLoading...

Initial analysis