COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2010-0806

CVE-2010-0806

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-05-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2010-0806
⚡ RCE ⌖ exploited in the wild shame 85/100 rceexploited-in-wildransomwareunpatched

Microsoft Internet Explorer use-after-free vulnerability enables remote code execution on EoL browsers.

This use-after-free flaw allows remote attackers to execute arbitrary code via invalid pointer access, posing a critical risk to DIB organizations relying on legacy systems or legacy browser support. The vulnerability is actively exploited in the wild and linked to ransomware campaigns, necessitating immediate discontinuation of Internet Explorer usage and migration to supported browsers to avoid compliance violations and data exposure.

Shame score — Active exploitation of a known, high-severity vulnerability in a widely deployed product despite EoL status.

Players implicated

Microsoft · vendorInternet Explorer · product

Description

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90