Internet Explorer

CVE-2010-0806 is a use-after-free vulnerability in Microsoft Internet Explorer that allows remote attackers to execute arbitrary code by accessing an invalid pointer after object deletion; mitigations should be applied or product utilization discontinued.

Microsoft Internet Explorer is vulnerable to a use-after-free vulnerability (CVE-2010-0249) that allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object.

Adversaries may embed a malicious command in an MSC file in order to trick victims into executing malicious commands, leading to initial access and execution of arbitrary code.

This rule detects potential command and control activity where Internet Explorer (iexplore.exe) is started via the Component Object Model (COM) and makes unusual network connections, indicating adversaries might exploit Internet Explorer via COM to evade detection and bypass host-based firewall restrictions.

Detects network connections to the standard Kerberos port from an unusual process other than lsass.exe, potentially indicating Kerberoasting or Pass-the-Ticket activity on Windows systems.