Published: 2010-03-13T07:32+00:00
Last Updated: 2010-04-01T22:41+00:00
JVNTR-2010-09
Microsoft Internet Explorer iepeers.dll use-after-free vulnerability (VU#744549)
Overview
Microsoft Internet Explorer contains a use-after-free vulnerability in the iepeers.dll file, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Event Information
| Date (UTC) | Description |
| 2010-04-01 22:41 |
JVN JVNTR-2010-10: Microsoft Internet Explorer Vulnerabilities (TA10-089A) |
| 2010-03-30 20:31 |
Microsoft Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code Execution Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-018 to address this issue. |
| 2010-03-11 00:00 |
Microsoft Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code Execution Advisory published. Microsoft is investigating new, public reports of a vulnerability in Internet Explorer 6 and Internet Explorer 7. Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. |
| 2010-03-10 22:11 |
Symantec Zero-Day Attack on IE6 - JS.Sykipot Doesn't Spare Retired Software Security Response Blog Internet Explorer 6 may have taken its path to retirement but it still remains a good target for exploits, as we can see from JS.Sykipot. This zero-day was found on March 8th and it exploits a vulnerability in some Internet Explorer versions (CVE-2010-0806 , BID 38615) that can lead to remote code execution. Upon successful exploitation, JS.Sykipot will download and run Backdoor.Sykipot, which is a back door capable of communicating with its control server to receive and run several commands. |
| 2010-03-10 20:39 |
Microsoft Internet Explorer iepeers.dll use-after-free exploit (meta) Vulnerability Proof Of Concept (CVE-2010-0806) A new Microsoft Internet Explorer 0day exploit has been found circulating in-the-wild. |
| 2010-03-10 16:06 |
Sophos Troj/JSRedir-AW Exploiting vulnerability (CVE-2010-0806) |
| 2010-03-10 15:00 |
Trend Micro JS_SHELLCOD.JDT Exploiting vulnerability (CVE-2010-0806) |
| 2010-03-10 14:01 |
The Metasploit Project Microsoft Internet Explorer iepeers.dll use-after-free exploit for the Metasploit Framework Vulnerability Proof Of Concept (CVE-2010-0806) #Cid: ie_iepeers_pointer.rb #Tested: cpe:/o:microsoft:windows_xp::sp3 + cpe:/a:microsoft:ie:6 #Tested: cpe:/o:microsoft:windows_xp::sp3 + cpe:/a:microsoft:ie:7 #Tested: cpe:/o:microsoft:windows_vista::sp2 + cpe:/a:microsoft:ie:7 |
| 2010-03-10 |
Sophos Internet Explorer 0-day targeted in spam runs Hot on the heels of the Patch Tuesday announcements yesterday (see blog or links to vulnerability assessment pages), came the announcement of a new zero-day in Internet Explorer (CVE-2010-0806). SophosLabs blog |
| 2010-03-09 23:30 |
McAfee Targeted Internet Explorer Zero-Day Attack Announced (CVE-2010-0806) Computer Security Research - McAfee Labs Blog Earlier today, Microsoft released Security Advisory (981374). This advisory covers CVE-2010-0806, an unpatched vulnerability affecting Internet Explorer versions 6 and 7. This attack appears to be rather targeted at the moment, but as with other unpatched vulnerabilities in the past, this has the potential to explode now that the word is getting out. |
| 2010-03-09 23:08 |
McAfee BackDoor-EMN Exploiting vulnerability (CVE-2010-0806) |
| 2010-03-09 |
Symantec JS.Sykipot |
| 2010-03-06 |
TOPIX21CENTURY.COM Domain Name Created on: 06-Mar-10 |
Other Information
| CVE |
CVE-2010-0806 |