Internet Explorer iepeers.dll use-after-free vulnerability

Added: 04/02/2010
CVE: CVE-2010-0806
BID: 38615
OSVDB: 62810

Background

The iepeers.dll component of Internet Explorer provides support for Web Folders and printing.

Problem

A vulnerability in iepeers.dll allows a specially crafted web page to cause a pointer to be used after it has been freed, resulting in command execution.

Resolution

Apply the update referenced in MS10-018.

References

http://www.kb.cert.org/vuls/id/744549

Limitations

Exploit works on Internet Explorer 7 and requires a user to load the exploit page.

Platforms

Windows

Back to exploit index