Vulnerability-Lookup

CVE-2010-0806 (GCVE-0-2010-0806)

Vulnerability from cvelistv5 – Published: 2010-03-10 22:00 – Updated: 2024-08-07 00:59

Summary

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://osvdb.org/62810	vdb-entryx_refsource_OSVDB
	http://www.us-cert.gov/cas/techalerts/TA10-089A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/38615	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2010/0567	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/38860	third-party-advisoryx_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA10-068A.html	third-party-advisoryx_refsource_CERT
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.microsoft.com/technet/security/advisor…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vupen.com/english/advisories/2010/0744	vdb-entryx_refsource_VUPEN
	http://blogs.technet.com/msrc/archive/2010/03/09/…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/744549	third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:39.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "62810",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/62810"
          },
          {
            "name": "TA10-089A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
          },
          {
            "name": "38615",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38615"
          },
          {
            "name": "ADV-2010-0567",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0567"
          },
          {
            "name": "38860",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38860"
          },
          {
            "name": "TA10-068A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
          },
          {
            "name": "MS10-018",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
          },
          {
            "name": "ms-ie-useafterfree-code-execution(56772)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
          },
          {
            "name": "oval:org.mitre.oval:def:8446",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
          },
          {
            "name": "ADV-2010-0744",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0744"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
          },
          {
            "name": "VU#744549",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/744549"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "62810",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/62810"
        },
        {
          "name": "TA10-089A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
        },
        {
          "name": "38615",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38615"
        },
        {
          "name": "ADV-2010-0567",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0567"
        },
        {
          "name": "38860",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38860"
        },
        {
          "name": "TA10-068A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
        },
        {
          "name": "MS10-018",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
        },
        {
          "name": "ms-ie-useafterfree-code-execution(56772)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
        },
        {
          "name": "oval:org.mitre.oval:def:8446",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
        },
        {
          "name": "ADV-2010-0744",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0744"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
        },
        {
          "name": "VU#744549",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/744549"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-0806",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "62810",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/62810"
            },
            {
              "name": "TA10-089A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
            },
            {
              "name": "38615",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38615"
            },
            {
              "name": "ADV-2010-0567",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0567"
            },
            {
              "name": "38860",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38860"
            },
            {
              "name": "TA10-068A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
            },
            {
              "name": "MS10-018",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/981374.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
            },
            {
              "name": "ms-ie-useafterfree-code-execution(56772)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
            },
            {
              "name": "oval:org.mitre.oval:def:8446",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
            },
            {
              "name": "ADV-2010-0744",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0744"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
            },
            {
              "name": "VU#744549",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/744549"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-0806",
    "datePublished": "2010-03-10T22:00:00.000Z",
    "dateReserved": "2010-03-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:59:39.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-146

Vulnerability from certfr_avis - Published: 2010-03-31 - Updated: 2010-03-31

Plusieurs vulnérabilités affectent Microsoft Internet Explorer et pemettent d'exécuter du code arbitraire à distance ou d'accéder à des données sensibles.

Description

Plusieurs vulnérabilités affectant Microsoft Internet Explorer ont été publiées. Leur exploitation permet d'exécuter du code arbitraire à distance ou d'accéder à des données sensibles.

Toutes les vulnérabilités n'affectent pas toutes les versions, et une même vulnérabilité peut avoir un impact différent selon les versions du logiciel.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Le correctif remédie à la vulnérabilité décrite dans l'alerte du CERTA CERTA-2010-ALE-004.

Microsoft Internet Explorer, toutes les versions.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-018 du 30 mars 2010	None	vendor-advisory
Alerte du CERTA CERTA-2010-ALE-004 du 31 mars 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eMicrosoft Internet Explorer, toutes les  versions.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectant Microsoft Internet Explorer ont \u00e9t\u00e9\npubli\u00e9es. Leur exploitation permet d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance ou d\u0027acc\u00e9der \u00e0 des donn\u00e9es sensibles.\n\nToutes les vuln\u00e9rabilit\u00e9s n\u0027affectent pas toutes les versions, et une\nm\u00eame vuln\u00e9rabilit\u00e9 peut avoir un impact diff\u00e9rent selon les versions du\nlogiciel.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nLe correctif rem\u00e9die \u00e0 la vuln\u00e9rabilit\u00e9 d\u00e9crite dans l\u0027alerte du CERTA\nCERTA-2010-ALE-004.\n",
  "cves": [
    {
      "name": "CVE-2010-0806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0806"
    },
    {
      "name": "CVE-2010-0267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0267"
    },
    {
      "name": "CVE-2010-0491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0491"
    },
    {
      "name": "CVE-2010-0488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0488"
    },
    {
      "name": "CVE-2010-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0492"
    },
    {
      "name": "CVE-2010-0805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0805"
    },
    {
      "name": "CVE-2010-0490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0490"
    },
    {
      "name": "CVE-2010-0489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0489"
    },
    {
      "name": "CVE-2010-0807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0807"
    },
    {
      "name": "CVE-2010-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0494"
    }
  ],
  "initial_release_date": "2010-03-31T00:00:00",
  "last_revision_date": "2010-03-31T00:00:00",
  "links": [
    {
      "title": "Alerte du CERTA CERTA-2010-ALE-004 du 31 mars 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-004/"
    }
  ],
  "reference": "CERTA-2010-AVI-146",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent Microsoft Internet Explorer et\npemettent d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ou d\u0027acc\u00e9der \u00e0 des\ndonn\u00e9es sensibles.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-018 du 30 mars 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx"
    }
  ]
}

CERTA-2010-ALE-004

Vulnerability from certfr_alerte - Published: 2010-03-10 - Updated: 2010-03-31

Une vulnérabilité dans Microsoft Internet Explorer permet l'exécution de code arbitraire à distance.

L'éditeur a publié un correctif pour remédier à cette vulnérabilité.

Description

Une vulnérabilité a été identifiée dans Microsoft Internet Explorer. Son exploitation permet l'exécution de code arbitraire à distance en incitant une victime à visiter une page Web spécialement conçue. L'éditeur Microsoft annonce que plusieurs cas d'attaques utilisant cette faille ont été découverts.

Le CERTA rappelle que si la vulnérabilité touche le navigateur Internet Explorer, d'autres vecteurs que des pages internet peuvent être utilisés. Notamment, il est possible d'exploiter cette faille au moyen de documents Microsoft Office spécialement conçus (cf. bulletin d'actualité CERTA-2009-ACT-012).

Contournement provisoire

Le CERTA recommande l'application du contournement suivant, qui consiste à retirer les droits d'accès à la bibliothèque iepeers.dll. Ceci peut avoir des effets de bord sur certaines fonctionnalités étendues de MSHTML (impression, répertoires Web).

Sur les systèmes 32 bits :

Echo y| cacls %WINDIR%\SYSTEM32\iepeers.DLL /E /P "Tout le monde":N

Sur les systèmes 64 bits :

Echo y| cacls %WINDIR%\SYSWOW64\iepeers.DLL /E /P "Tout le monde":N

Pour désactiver ce contournement et autoriser l'accès à cette bibliothèque :

Sur les systèmes 32 bits :

cacls %WINDIR%\SYSTEM32\iepeers.dll /E /R "Tout le monde"

Sur les systèmes 64 bits :

cacls %WINDIR%\SYSWOW64\iepeers.dll /E /R "Tout le monde"

Ce contournement fonctionne pour tous les vecteurs d'attaque (page Web, document Microsoft Office, etc.) et est donc recommandé même si Internet Explorer n'est pas le logiciel par défaut utilisé pour la navigation. L'installation d'Internet Explorer 8 permet également de contourner la vulnérabilité pour tous les vecteurs d'attaque.

Si les contournements précédents s'avèrent inapplicables, il est recommandé de naviguer avec un navigateur alternatif et d'appliquer les contournements spécifiques à l'exploitation de la vulnérabilité via des documents Microsoft Office (cf. bulletin d'actualité CERTA-2009-ACT-012).

Le CERTA rappelle, de plus, qu'il recommandé de naviguer avec un compte utilisateur aux droits restreints et de désactiver l'interprétation de code dynamique (Javascript, ActiveX). De plus, l'activation du DEP (Data Execution Prevention) peut limiter l'impact de cette vulnérabilité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 6 Service Pack 1 ;
Microsoft	N/A	Internet Explorer 6 ;
Microsoft	N/A	Internet Explorer 7.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-018 du 30 mars 2010	None	vendor-advisory
Avis de sécurité Microsoft #981374 du 09 mars 2010	None	vendor-advisory
Avis du CERTA CERTA-2010-AVI-146 du 31 mars 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 6 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2010-03-31",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Microsoft Internet Explorer. Son\nexploitation permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance en\nincitant une victime \u00e0 visiter une page Web sp\u00e9cialement con\u00e7ue.\nL\u0027\u00e9diteur Microsoft annonce que plusieurs cas d\u0027attaques utilisant cette\nfaille ont \u00e9t\u00e9 d\u00e9couverts.\n\nLe CERTA rappelle que si la vuln\u00e9rabilit\u00e9 touche le navigateur Internet\nExplorer, d\u0027autres vecteurs que des pages internet peuvent \u00eatre\nutilis\u00e9s. Notamment, il est possible d\u0027exploiter cette faille au moyen\nde documents Microsoft Office sp\u00e9cialement con\u00e7us (cf. bulletin\nd\u0027actualit\u00e9 CERTA-2009-ACT-012).\n\n## Contournement provisoire\n\nLe CERTA recommande l\u0027application du contournement suivant, qui consiste\n\u00e0 retirer les droits d\u0027acc\u00e8s \u00e0 la biblioth\u00e8que iepeers.dll. Ceci peut\navoir des effets de bord sur certaines fonctionnalit\u00e9s \u00e9tendues de\nMSHTML (impression, r\u00e9pertoires Web).\n\nSur les syst\u00e8mes 32 bits :\n\n    Echo y| cacls %WINDIR%\\SYSTEM32\\iepeers.DLL /E /P \"Tout le monde\":N\n\nSur les syst\u00e8mes 64 bits :\n\n    Echo y| cacls %WINDIR%\\SYSWOW64\\iepeers.DLL /E /P \"Tout le monde\":N\n\nPour d\u00e9sactiver ce contournement et autoriser l\u0027acc\u00e8s \u00e0 cette\nbiblioth\u00e8que :\n\nSur les syst\u00e8mes 32 bits :\n\n    cacls %WINDIR%\\SYSTEM32\\iepeers.dll /E /R \"Tout le monde\"\n\nSur les syst\u00e8mes 64 bits :\n\n    cacls %WINDIR%\\SYSWOW64\\iepeers.dll /E /R \"Tout le monde\"\n\nCe contournement fonctionne pour tous les vecteurs d\u0027attaque (page Web,\ndocument Microsoft Office, etc.) et est donc recommand\u00e9 m\u00eame si Internet\nExplorer n\u0027est pas le logiciel par d\u00e9faut utilis\u00e9 pour la navigation.\nL\u0027installation d\u0027Internet Explorer 8 permet \u00e9galement de contourner la\nvuln\u00e9rabilit\u00e9 pour tous les vecteurs d\u0027attaque.\n\nSi les contournements pr\u00e9c\u00e9dents s\u0027av\u00e8rent inapplicables, il est\nrecommand\u00e9 de naviguer avec un navigateur alternatif et d\u0027appliquer les\ncontournements sp\u00e9cifiques \u00e0 l\u0027exploitation de la vuln\u00e9rabilit\u00e9 via des\ndocuments Microsoft Office (cf. bulletin d\u0027actualit\u00e9\nCERTA-2009-ACT-012).\n\nLe CERTA rappelle, de plus, qu\u0027il recommand\u00e9 de naviguer avec un compte\nutilisateur aux droits restreints et de d\u00e9sactiver l\u0027interpr\u00e9tation de\ncode dynamique (Javascript, ActiveX). De plus, l\u0027activation du DEP (Data\nExecution Prevention) peut limiter l\u0027impact de cette vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0806"
    }
  ],
  "initial_release_date": "2010-03-10T00:00:00",
  "last_revision_date": "2010-03-31T00:00:00",
  "links": [
    {
      "title": "Avis du CERTA CERTA-2010-AVI-146 du 31 mars 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-146/"
    }
  ],
  "reference": "CERTA-2010-ALE-004",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-10T00:00:00.000000"
    },
    {
      "description": "publication du correctif.",
      "revision_date": "2010-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Microsoft Internet Explorer permet l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur a publi\u00e9 un correctif pour rem\u00e9dier \u00e0 cette vuln\u00e9rabilit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-018 du 30 mars 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft #981374 du 09 mars 2010",
      "url": "http://www.microsoft.com/france/technet/security/advisory/981374.mspx"
    }
  ]
}

GSD-2010-0806

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-0806

Aliases

CVE-2010-0806

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0806",
    "description": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\"",
    "id": "GSD-2010-0806",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-0806"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0806"
      ],
      "details": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\"",
      "id": "GSD-2010-0806",
      "modified": "2023-12-13T01:21:29.518713Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2010-0806",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "62810",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/62810"
          },
          {
            "name": "TA10-089A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
          },
          {
            "name": "38615",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/38615"
          },
          {
            "name": "ADV-2010-0567",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0567"
          },
          {
            "name": "38860",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38860"
          },
          {
            "name": "TA10-068A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
          },
          {
            "name": "MS10-018",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/981374.mspx",
            "refsource": "CONFIRM",
            "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
          },
          {
            "name": "ms-ie-useafterfree-code-execution(56772)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
          },
          {
            "name": "oval:org.mitre.oval:def:8446",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
          },
          {
            "name": "ADV-2010-0744",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0744"
          },
          {
            "name": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx",
            "refsource": "CONFIRM",
            "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
          },
          {
            "name": "VU#744549",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/744549"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-0806"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
            },
            {
              "name": "ADV-2010-0567",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0567"
            },
            {
              "name": "38615",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/38615"
            },
            {
              "name": "38860",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38860"
            },
            {
              "name": "VU#744549",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/744549"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/981374.mspx",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
            },
            {
              "name": "62810",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/62810"
            },
            {
              "name": "ADV-2010-0744",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0744"
            },
            {
              "name": "TA10-068A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
            },
            {
              "name": "TA10-089A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
            },
            {
              "name": "ms-ie-useafterfree-code-execution(56772)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
            },
            {
              "name": "oval:org.mitre.oval:def:8446",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
            },
            {
              "name": "MS10-018",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2023-12-07T18:38Z",
      "publishedDate": "2010-03-10T22:30Z"
    }
  }
}

GHSA-F5RX-X946-JM33

Vulnerability from github – Published: 2022-05-02 06:15 – Updated: 2022-05-02 06:15

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0806"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-10T22:30:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\"",
  "id": "GHSA-f5rx-x946-jm33",
  "modified": "2022-05-02T06:15:39Z",
  "published": "2022-05-02T06:15:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0806"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/62810"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38860"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/744549"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/38615"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0567"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0744"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2010-0806

Vulnerability from fkie_nvd - Published: 2010-03-10 22:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
secure@microsoft.com	http://osvdb.org/62810
secure@microsoft.com	http://secunia.com/advisories/38860	Vendor Advisory
secure@microsoft.com	http://www.kb.cert.org/vuls/id/744549	Patch, US Government Resource
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/981374.mspx	Patch, Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/38615
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-068A.html	US Government Resource
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-089A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2010/0567	Vendor Advisory
secure@microsoft.com	http://www.vupen.com/english/advisories/2010/0744	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/56772
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/62810
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38860	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/744549	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/981374.mspx	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/38615
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-068A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-089A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0567	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0744	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/56772
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446

Impacted products

Vendor	Product	Version
microsoft	internet_explorer	7
microsoft	windows_2003_server	*
microsoft	windows_server_2003	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	-
microsoft	internet_explorer	7
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	internet_explorer	6
microsoft	windows_2000	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_server_2003	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka \"Uninitialized Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de Uso de la Memoria Previamente Liberada en el componente Peer Objects (tambi\u00e9n se conoce como iepeers.dll) en Microsoft Internet Explorer versiones 6, 6 SP1 y 7 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores que implican el acceso a un puntero no v\u00e1lido luego de la eliminaci\u00f3n de un objeto, tal y como se explot\u00f3 \"in the wild\" en marzo de 2010, tambi\u00e9n se conoce como \"Uninitialized Memory Corruption Vulnerability\"."
    }
  ],
  "evaluatorComment": "Further information on this vulnerability can be found at the following link from Microsoft:\r\n\r\nhttp://support.microsoft.com/kb/981374",
  "id": "CVE-2010-0806",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-03-10T22:30:01.323",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/62810"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38860"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/744549"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/38615"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0567"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0744"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/62810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/744549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/981374.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8446"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-0806 (GCVE-0-2010-0806)

CERTA-2010-AVI-146

Description

Solution

CERTA-2010-ALE-004

Description

Contournement provisoire

Solution

GSD-2010-0806

GHSA-F5RX-X946-JM33

FKIE_CVE-2010-0806

Tags

Sightings

Nomenclature