CVE-2010-0806
7.2 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka βUninitialized Memory Corruption Vulnerability.β
References
blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
osvdb.org/62810
secunia.com/advisories/38860
www.kb.cert.org/vuls/id/744549
www.microsoft.com/technet/security/advisory/981374.mspx
www.securityfocus.com/bid/38615
www.us-cert.gov/cas/techalerts/TA10-068A.html
www.us-cert.gov/cas/techalerts/TA10-089A.html
www.vupen.com/english/advisories/2010/0567
www.vupen.com/english/advisories/2010/0744
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
exchange.xforce.ibmcloud.com/vulnerabilities/56772
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446
Related
7.2 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%