Vulnerability Note VU#744549
Microsoft Internet Explorer iepeers.dll use-after-free vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability in the iepeers.dll file, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Microsoft Internet Explorer provides support for Web Folders and printing through the use of the iepeers.dll component. According to Microsoft Security Advisory (981374), the iepeers.dll contains a vulnerability in the use of a pointer after an object is freed. Microsoft reports that the vulnerability, which affects Internet Explorer 6 and 7, has been reported publicly.
Exploit code for this vulnerability is publicly available. This vulnerability is currently being exploited in the wild.
By convincing a user to load a specially crafted HTML document or Microsoft Office document, a remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.
Apply an update
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||09 Mar 2010|
CVSS Metrics (Learn More)
Thanks to Microsoft for reporting this vulnerability.
This document was written by Will Dormann.
- CVE IDs: CVE-2010-0806
- Date Public: 09 Mar 2010
- Date First Published: 09 Mar 2010
- Date Last Updated: 30 Mar 2010
- Severity Metric: 28.55
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.