Skip to main content
Mallory
Back to vulnerabilities
HighCISA KEVExploited in the wildPublic exploit

Microsoft Internet Explorer Peer Objects Use-After-Free RCE

IdentifiersCVE-2010-0806CWE-416· Use After Free

CVE-2010-0806 is a use-after-free vulnerability in the Peer Objects component of Microsoft Internet Explorer (iepeers.dll) affecting Internet Explorer 6, 6 SP1, and 7. The flaw occurs when Internet Explorer accesses an invalid pointer after an object has been deleted, resulting in memory corruption. Microsoft and downstream reporting describe this as an 'Uninitialized Memory Corruption Vulnerability,' but the supplied technical description identifies the core bug class as a use-after-free in iepeers.dll. A remote attacker can trigger the condition by getting a victim to load a specially crafted web page containing malicious HTML and script content. Successful exploitation can corrupt process memory and execute attacker-controlled code in the context of the logged-in user. The vulnerability was exploited in the wild in March 2010 and was later used as a zero-day in targeted attacks, including activity attributed to GREF.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows remote code execution in the security context of the current user. On systems where the user has administrative privileges, this can lead to full system compromise. An attacker can use the vulnerability to install malware, access or modify data, create accounts, and pivot to further post-exploitation activity. Because exploitation is delivered through malicious web content, it is suitable for drive-by compromise and watering-hole operations.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching or replacement is not possible, reduce exposure by preventing use of vulnerable Internet Explorer versions, restricting access to untrusted websites, and disabling or tightly controlling active scripting and active content in IE security zones where operationally feasible. Run users without administrative privileges to reduce post-exploitation impact. Network controls such as web filtering and blocking known malicious or unnecessary sites can reduce exploit delivery opportunities, but these are compensating controls only and do not remove the underlying vulnerability.

Remediation

Patch, then assume compromise.

Apply Microsoft's security update for CVE-2010-0806 on affected Internet Explorer installations. Because the affected versions are legacy Internet Explorer releases (IE 6/6 SP1/7) that may be end-of-life or end-of-service, the preferred remediation is to upgrade to a supported browser and supported Windows platform where the vulnerable component is no longer exposed. Where vendor patches are no longer available for the deployed product, discontinue use of the affected software as recommended in KEV-related guidance.
PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.

VALID 0 / 1 TOTALView more in app

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Microsoft CorporationInternet Explorerapplication
Microsoft CorporationWindows 2000operating_system
Microsoft CorporationWindows 2003 Serveroperating_system
Microsoft CorporationWindows Server 2008operating_system
Microsoft CorporationWindows Vistaoperating_system
Microsoft CorporationWindows Xpoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

14 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

14 SOURCESView more in app
thecyberexpress com vulnerabilitiesNews
May 22, 2026
Microsoft Defender CVE-2026-41091 & CVE-2026-45498

An Internet Explorer use-after-free vulnerability enabling remote code execution.

Read more
security affairsNews
May 21, 2026
U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog

A critical use-after-free vulnerability in Microsoft Internet Explorer that enables remote code execution through a malicious webpage and was exploited as a zero-day in targeted attacks.

Read more
the hacker newsNews
May 21, 2026
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

A use-after-free remote code execution vulnerability in Microsoft Internet Explorer.

Read more
cyberthroneNews
May 21, 2026
CISA adds Seven Vulnerabilities to KEV Catalog - TheCyberThrone

A second Microsoft Internet Explorer use-after-free vulnerability that enables remote code execution via crafted HTML content.

Read more
+2 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence2

Every observed campaign linking this CVE to a named adversary.

Associated malware1

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity6

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2010-0806
NVD
nvd.nist.gov/vuln/detail/CVE-2010-0806
MITRE CWE · CWE-416
Use After Free
Patch
kb.cert.org/vuls/id/744549
Vendor Advisory
secunia.com/advisories/38860
Vendor Advisory
vupen.com/english/advisories/2010/0567
Vendor Advisory
vupen.com/english/advisories/2010/0744
Vendor Advisory
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
Vendor Advisory
learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
Third Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/56772
US Government Resource
us-cert.gov/cas/techalerts/TA10-068A.html
US Government Resource
us-cert.gov/cas/techalerts/TA10-089A.html
+1 more reference
view more in app