21 May 2026
Reference: CVE-2010-0806
1. What is being reported?
The vulnerability involves a problem in a part of Internet Explorer that handles certain web content. Because of this flaw, attackers can run harmful software on a computer without permission by tricking the browser into using invalid memory. This issue affects Internet Explorer versions 6, 6 SP1, and 7 and has been actively exploited since 2010.
2. What this means in plain English
If your organisation uses these older versions of Internet Explorer, attackers could potentially gain control of your computers by simply visiting a malicious website or opening a harmful file. This could lead to data theft, disruption of services, or other serious problems.
3. Could this affect a small business?
Small businesses and organisations still using Internet Explorer 6 or 7 are at risk. However, most modern systems and browsers are not affected. If you use newer browsers or have updated your software, this vulnerability likely does not apply to you.
4. What to do now
- Check if any computers in your organisation are still running Internet Explorer 6, 6 SP1, or 7.
- If so, update to a modern, supported web browser immediately.
- If updating is not possible, apply any available security mitigations recommended by Microsoft or your IT provider.
- Consult your IT provider about following official guidance for cloud services and consider discontinuing use of these outdated browsers.
5. Ask your IT provider
Are any of our systems still using Internet Explorer versions 6, 6 SP1, or 7, and what steps can we take to protect against this known exploited vulnerability?
6. Bottom line
Using outdated browsers like Internet Explorer 6 or 7 puts your organisation at serious risk; updating or discontinuing their use is essential.
Information based on CISA KEV, NVD, and reputable security reporting.