High · CISA KEV · Exploited in the wild · Public exploit

Microsoft Internet Explorer Peer Objects Use-After-Free RCE

Identifiers: CVE-2010-0806, CWE-416 · Use After Free

CVE-2010-0806 is a use-after-free vulnerability in the Peer Objects component of Microsoft Internet Explorer (iepeers.dll) affecting Internet Explorer 6, 6 SP1, and 7. The flaw occurs when Internet Explorer accesses an invalid pointer after an object has been deleted, resulting in memory corruption. Microsoft and downstream reporting describe this as an 'Uninitialized Memory Corruption Vulnerability,' but the supplied technical description identifies the core bug class as a use-after-free in iepeers.dll. A remote attacker can trigger the condition by getting a victim to load a specially crafted web page containing malicious HTML and script content. Successful exploitation can corrupt process memory and execute attacker-controlled code in the context of the logged-in user. The vulnerability was exploited in the wild in March 2010 and was later used as a zero-day in targeted attacks, including activity attributed to GREF.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows remote code execution in the security context of the current user. On systems where the user has administrative privileges, this can lead to full system compromise. An attacker can use the vulnerability to install malware, access or modify data, create accounts, and pivot to further post-exploitation activity. Because exploitation is delivered through malicious web content, it is suitable for drive-by compromise and watering-hole operations.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching or replacement is not possible, reduce exposure by preventing use of vulnerable Internet Explorer versions, restricting access to untrusted websites, and disabling or tightly controlling active scripting and active content in IE security zones where operationally feasible. Run users without administrative privileges to reduce post-exploitation impact. Network controls such as web filtering and blocking known malicious or unnecessary sites can reduce exploit delivery opportunities, but these are compensating controls only and do not remove the underlying vulnerability.

Remediation

Patch, then assume compromise.

Apply Microsoft's security update for CVE-2010-0806 on affected Internet Explorer installations. Because the affected versions are legacy Internet Explorer releases (IE 6/6 SP1/7) that may be end-of-life or end-of-service, the preferred remediation is to upgrade to a supported browser and supported Windows platform where the vulnerable component is no longer exposed. Where vendor patches are no longer available for the deployed product, discontinue use of the affected software as recommended in KEV-related guidance.

PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.

VALID 0 / 1 TOTAL

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability.

Vendor | Product | Type
Microsoft Corporation | Internet Explorer | application
Microsoft Corporation | Windows 2000 | operating_system
Microsoft Corporation | Windows 2003 Server | operating_system
Microsoft Corporation | Windows Server 2008 | operating_system
Microsoft Corporation | Windows Vista | operating_system
Microsoft Corporation | Windows XP | operating_system

Vendor-confirmed product mapping.
