Internet Explorer iepeers.dll use-after-free vulnerability

2010-04-02T00:00:00
ID SAINT:4511074B7BE1CEC83809AE7F122D4339
Type saint
Reporter SAINT Corporation
Modified 2010-04-02T00:00:00

Description

Added: 04/02/2010
CVE: CVE-2010-0806
BID: 38615
OSVDB: 62810

Background

The **iepeers.dll** component of Internet Explorer provides support for Web Folders and printing.

Problem

A vulnerability in **iepeers.dll** allows a specially crafted web page to cause a pointer to be used after it has been freed, resulting in command execution.

Resolution

Apply the update referenced in MS10-018.

References

<http://www.kb.cert.org/vuls/id/744549>

Limitations

Exploit works on Internet Explorer 7 and requires a user to load the exploit page.

Platforms

Windows