CVE-2010-0806 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Internet Explorer	5.01
Microsoft	Windows 2000	All versions
Microsoft	Windows 7	-
Microsoft	Windows Server 2003	All versions
Microsoft	Windows Server 2008	-
Microsoft	Windows Vista	All versions
Microsoft	Windows Xp	All versions

Related Weaknesses (CWE)

CWE-416 CWE-399

References

http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-releasBroken Link
http://osvdb.org/62810Broken Link
http://secunia.com/advisories/38860Vendor Advisory
http://www.kb.cert.org/vuls/id/744549PatchUS Government Resource
http://www.microsoft.com/technet/security/advisory/981374.mspxPatchVendor AdvisoryBroken Link
http://www.securityfocus.com/bid/38615Broken Link
http://www.us-cert.gov/cas/techalerts/TA10-068A.htmlUS Government Resource
http://www.us-cert.gov/cas/techalerts/TA10-089A.htmlUS Government Resource
http://www.vupen.com/english/advisories/2010/0567Vendor Advisory
http://www.vupen.com/english/advisories/2010/0744Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-01Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56772Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-releasBroken Link
http://osvdb.org/62810Broken Link

FAQ

What is CVE-2010-0806?

CVE-2010-0806 is a vulnerability with a CVSS score of 8.8 (HIGH). Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving acce...

How severe is CVE-2010-0806?

CVE-2010-0806 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-0806?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008.