Internet Explorer RCE exploited in the wild (CVE-2010-0806)

Actively exploited in the wild - CVE-2010-0806 is a critical use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, and 7 that lets remote attackers execute arbitrary code by accessing an invalid pointer after deleting an object. Exploitation was confirmed in March 2010; apply MS10-018 immediately.

Overview

CVE-2010-0806 is a memory corruption flaw in the Peer Objects component (iepeers.dll) of Microsoft Internet Explorer. When the browser improperly handles a deleted object, an attacker can trigger a use-after-free condition, reusing freed memory to execute malicious code in the context of the logged-on user.

This vulnerability affects IE 6, 6 SP1, and 7 on all supported Windows platforms at the time of disclosure. It was actively exploited in the wild in March 2010, with CISA adding it to the Known Exploited Vulnerabilities (KEV) catalog.

Impact

An attacker can host a crafted webpage that, when visited by a victim using an affected IE version, executes arbitrary code with the user’s privileges. Full system compromise is possible if the user has administrative rights. The CVSS v2 score of 9.3 (Critical) reflects the low complexity, no privileges required, and network-based attack vector.

Remediation

Microsoft released security bulletin MS10-018 as an out-of-band update in March 2010. The fix is included in Internet Explorer 8 and all subsequent IE versions. To remediate:

1. Apply MS10-018 (KB980182) via Windows Update immediately.
2. Upgrade to Internet Explorer 8 or later - IE6 and IE7 are end-of-life.
3. Block outbound connections to known malicious domains from compromised hosts.
4. Enable Enhanced Mitigation Experience Toolkit (EMET) on legacy systems as a defense-in-depth layer.

Security Insight

CVE-2010-0806 was one of the earliest high-profile use-after-free vulnerabilities exploited in the browser ecosystem, setting a precedent for the attack class that would dominate the 2010s. At the time, IE6 remained widely deployed in enterprise environments long after Microsoft had moved on, making this a landmark case study in the risks of outdated software stagnation - a lesson that echoes today in continued exploitation of legacy components like Flash, Java, and old Windows versions.

Related Content

• Weekly Threat Roundup: APT28 DNS Hijacking (Apr 6-12
• APT28 Hijacks SOHO Routers - Microsoft 365 Credentials
• Storm-1175 Exploits Zero-Days to Deploy Medusa

Further Reading

• Weekly Threat Roundup: APT28 DNS Hijacking (Apr 6-12
• APT28 Hijacks SOHO Routers - Microsoft 365 Credentials
• Storm-1175 Exploits Zero-Days to Deploy Medusa
• All Critical Vulnerabilities
• Recent Critical Vulnerabilities
• Top Critical CVEs