Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since May 20, 2026.

The EPSS score is 0.87253.

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Microsoft
  • Internet Explorer
  • Windows 2000
  • Windows 7
  • Windows Server 2003
  • Windows Server 2008
  • Windows Vista
  • Windows Xp

Configuration 1 [-]

AND
OR cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

Configuration 3 [-]

AND
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

Configuration 4 [-]

AND
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

No data.

No data.

References
Link Providers
http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx cve-icon cve-icon
http://osvdb.org/62810 cve-icon cve-icon
http://secunia.com/advisories/38860 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/744549 cve-icon cve-icon
http://www.microsoft.com/technet/security/advisory/981374.mspx cve-icon cve-icon
http://www.securityfocus.com/bid/38615 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA10-068A.html cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA10-089A.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0567 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0744 cve-icon cve-icon
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/56772 cve-icon cve-icon
https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0806 cve-icon cve-icon
History

Thu, 21 May 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 7
CPEs cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*		 cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Vendors & Products Microsoft windows 2003 Server
Microsoft windows 7

Wed, 20 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 20 May 2026 17:45:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-05-20T00:00:00+00:00', 'dueDate': '2026-06-03T00:00:00+00:00'}
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-21T03:55:29.109Z

Reserved: 2010-03-02T00:00:00.000Z

Link: CVE-2010-0806

cve-icon Vulnrichment

Updated: 2024-08-07T00:59:39.106Z

cve-icon NVD

Status : Analyzed

Published: 2010-03-10T22:30:01.323

Modified: 2026-05-21T12:57:10.303

Link: CVE-2010-0806

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.