HighCISA KEVExploited in the wildPublic exploit

Microsoft Internet Explorer Peer Objects Use-After-Free RCE

IdentifiersCVE-2010-0806CWE-416· Use After Free

CVE-2010-0806 is a use-after-free vulnerability in the Peer Objects component (iepeers.dll) of Microsoft Internet Explorer 6, 6 SP1, and 7. The flaw occurs when Internet Explorer accesses an invalid pointer after an object has been deleted, resulting in memory corruption. A remote attacker can trigger the condition using specially crafted web content, including malicious HTML and script, causing the browser to dereference freed memory. The vulnerability was exploited in the wild in March 2010 and has also been referred to as an uninitialized memory corruption issue in public reporting.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can lead to arbitrary code execution in the security context of the current user. In practical terms, this allows an attacker to run attacker-controlled code when a victim visits a malicious webpage or otherwise renders crafted web content in a vulnerable Internet Explorer instance. Depending on the victim's privileges, this can result in full compromise of the affected workstation, malware installation, data theft, and follow-on intrusion activity.

Mitigation

If you can’t patch tonight, do this now.

Until remediation is completed, reduce exposure by preventing use of vulnerable Internet Explorer versions, especially for untrusted or internet-facing browsing. Restrict or disable access to malicious or untrusted web content through network and web filtering controls, and limit user privileges to reduce post-exploitation impact. Where operationally feasible, isolate or decommission legacy systems that still require affected IE versions.

Remediation

Patch, then assume compromise.

Apply Microsoft's security update for CVE-2010-0806 on affected Internet Explorer installations. Because the affected products are legacy Internet Explorer versions (IE 6, 6 SP1, and 7), organizations should upgrade to supported software where possible and retire unsupported browsers. If the affected Internet Explorer version is end-of-life or end-of-service and no supported patch path remains in the environment, discontinue use of the vulnerable product.

PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.

VALID 0 / 1 TOTALView more in app

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Microsoft CorporationInternet Explorerapplication

Microsoft CorporationWindows 2000operating_system

Microsoft CorporationWindows 2003 Serveroperating_system

Microsoft CorporationWindows Server 2008operating_system

Microsoft CorporationWindows Vistaoperating_system

Microsoft CorporationWindows Xpoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

17 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

17 SOURCESView more in app

thecyberexpress com vulnerabilitiesNews

May 22, 2026

Microsoft Defender CVE-2026-41091 & CVE-2026-45498

An Internet Explorer use-after-free vulnerability enabling remote code execution.

security affairsNews

May 21, 2026

U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog

A critical use-after-free vulnerability in Microsoft Internet Explorer that enables remote code execution through a malicious webpage and was exploited as a zero-day in targeted attacks.

the hacker newsNews

May 21, 2026

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

A use-after-free remote code execution vulnerability in Microsoft Internet Explorer.

cyberthroneNews

May 21, 2026

CISA adds Seven Vulnerabilities to KEV Catalog - TheCyberThrone

A second Microsoft Internet Explorer use-after-free vulnerability that enables remote code execution via crafted HTML content.

+2 more in the timeline

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence2

Every observed campaign linking this CVE to a named adversary.

Associated malware1

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity9

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2010-0806

NVD

nvd.nist.gov/vuln/detail/CVE-2010-0806

MITRE CWE · CWE-416

Use After Free

Patch

kb.cert.org/vuls/id/744549

Vendor Advisory

secunia.com/advisories/38860

Vendor Advisory

vupen.com/english/advisories/2010/0567

Vendor Advisory

vupen.com/english/advisories/2010/0744

Vendor Advisory

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018

Vendor Advisory

learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018

Third Party Advisory

exchange.xforce.ibmcloud.com/vulnerabilities/56772

US Government Resource

us-cert.gov/cas/techalerts/TA10-068A.html

US Government Resource

us-cert.gov/cas/techalerts/TA10-089A.html

+1 more reference

view more in app