Exposures › CVE-2010-0806
Microsoft Internet Explorer use-after-free vulnerability enables remote code execution on EoL browsers.
This use-after-free flaw allows remote attackers to execute arbitrary code via invalid pointer access, posing a critical risk to DIB organizations relying on legacy systems or legacy browser support. The vulnerability is actively exploited in the wild and linked to ransomware campaigns, necessitating immediate discontinuation of Internet Explorer usage and migration to supported browsers to avoid compliance violations and data exposure.
Shame score — Active exploitation of a known, high-severity vulnerability in a widely deployed product despite EoL status.
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |