CVE-2010-0806

HIGH KEV

Microsoft Internet Explorer <7 - Use After Free

Title source: llm

Exploitation Summary

CVE-2010-0806 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 20, 2026. EIP tracks 3 public exploits, attributed to Metasploit, Trancer, and an unknown author, including the Metasploit module exploits/windows/browser/ms10_018_ie_behaviors.

AI-analyzed exploit summary: This is a Metasploit module exploiting a use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 via DHTML behaviors. It achieves remote code execution by manipulating the iepeers.dll component, leveraging heap spraying and JavaScript to trigger the vulnerability.

Description

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16590

This is a Metasploit module exploiting a use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 via DHTML behaviors. It achieves remote code execution by manipulating the iepeers.dll component, leveraging heap spraying and JavaScript to trigger the vulnerability.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer 6 and 7
No auth needed
Prerequisites: Victim must visit a malicious webpage · Target must be using Internet Explorer 6 or 7
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Trancer · ruby · remote · windows
https://www.exploit-db.com/exploits/11683

This is a Metasploit module exploiting a use-after-free vulnerability in iepeers.dll of Microsoft Internet Explorer 6 and 7. It achieves remote code execution by manipulating memory via JavaScript and triggering the vulnerability through DOM operations.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer 6.0 SP0-2, 7.0 on Windows XP SP0-SP3 and Windows Vista SP2
No auth needed
Prerequisites: Target must be using a vulnerable version of Internet Explorer (6 or 7) · Target must visit a malicious webpage or have the exploit delivered via another vector
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by unknown · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb

This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 via DHTML behaviors, specifically targeting the iepeers.dll component. It uses heap spraying and JavaScript obfuscation to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer 6 and 7
No auth needed
Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 19, 2026

References (15)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/62810
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-089A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38615
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0567
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38860
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-068A.html
Patch, Vendor Advisory x_refsource_confirm
http://www.microsoft.com/technet/security/advisory/981374.mspx
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56772
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0744
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/744549

Scores

CVSS v3 8.8
EPSS 0.8725
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-05-20
VulnCheck KEV 2010-03-10
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2010-0832
CWE CWE-399, CWE-416
Status published
Products (10)
microsoft/internet_explorer 7
microsoft/internet_explorer 6 (2 CPE variants)
microsoft/internet_explorer 5.01
microsoft/internet_explorer 8
microsoft/windows_2000
microsoft/windows_2003_server (2 CPE variants)
microsoft/windows_server_2003
microsoft/windows_server_2008 (6 CPE variants)
microsoft/windows_vista (4 CPE variants)
microsoft/windows_xp (3 CPE variants)
Published Mar 10, 2010
KEV Added May 20, 2026
Tracked Since Feb 18, 2026