Russian Vulnerability Scanner Database

Back to List

CVE-2010-0806

Scores

EPSS

0.895high89.5%
0%20%40%60%80%100%

Percentile: 89.5%

CVSS

9.3critical2.0
0246810

CVSS Score: 9.3/10

All CVSS Scores

CVSS 2.0
9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka “Uninitialized Memory Corruption Vulnerability.”

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-399

Exploits

Exploit ID: 11683

Source: exploitdb

URL: https://www.exploit-db.com/exploits/11683

Exploit ID: 16590

Source: exploitdb

URL: https://www.exploit-db.com/exploits/16590

Recommendations

Source: nvd

Apply an updateThis issue is addressed in Microsoft Security Bulletin MS10-018, which modifies the way Internet Explorer handles objects in memory.Enable Data Execution Prevention (DEP) on Internet Explorer 6 or Internet Explorer 7Microsoft has published more information on DEP as a mitigation for this vulnerability. DEP should not be treated as a complete workaround, but DEP can mitigate the execution of attacker-supplied code in some cases. Microsoft has published detailed technical information about DEP in Security Research & Defense blog posts “Understanding DEP as a mitigation technology” part 1 and part 2. Use of DEP should be considered in conjunction with other mitigations described in this document.Set the Internet zone security setting to “High”Setting the Internet zone security setting to “High” will result in the user being prompted before running ActiveX controls and Active Scripting, which may reduce the risk of certain attack vectors.Disable Active ScriptingDisabling Active Scripting will prevent Active Scripting from running, which may reduce the risk of certain attack vectors.

URL: http://www.kb.cert.org/vuls/id/744549

Vulnerable Software (12)

Type: Configuration

Vendor: *

Product: internet_explorer

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

Type: Configuration

Vendor: *

Product: internet_explorer

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

Type: Configuration

Vendor: *

Product: internet_explorer

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

Type: Configuration

Vendor: *

Product: windows_2000

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

Type: Configuration

Vendor: *

Product: windows_2003_server

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

Type: Configuration

Vendor: *

Product: windows_2003_server

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

Type: Configuration

Vendor: *

Product: windows_server_2003

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

Type: Configuration

Vendor: *

Product: windows_server_2003

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

Type: Configuration

Vendor: *

Product: windows_server_2008

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

Type: Configuration

Vendor: *

Product: windows_vista

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

Type: Configuration

Vendor: *

Product: windows_xp

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

Type: Configuration

Vendor: *

Product: windows_xp

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

Source: nvd

End of list