Vulnerability intelligence
CVE-2010-0806
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
CVSS Score
8.8
High
EPSS — Exploit Probability
87%
Riskier than 99% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-06-03
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-06-03.
4 articles across 3 outlets · first covered May 20, 2026 · latest May 21, 2026
Coverage timeline
-
CISA Adds Critical Flaws in Windows, Office, Defender to KEV Listsecurityaffairs.com · May 21, 2026
-
CISA's KEV Catalog Helps Firms Prioritise Active Exploit Patcheswww.cisa.gov · May 20, 2026
-
CISA adds CVE-2010-0806 to KEV after IE exploits observed in wildcisa.gov · May 20, 2026
-
CISA adds seven KEV flaws, including 2026 Microsoft Defender bugswww.cisa.gov · May 20, 2026