Memory Corruption Vulnerability in Microsoft IIS Authentication
CVE-2010-1256

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Server
Vendor: CVE Published:; 8 June 2010

Summary

A vulnerability exists in Microsoft Internet Information Services (IIS) versions 6.0, 7.0, and 7.5, specifically when Extended Protection for Authentication is enabled. This flaw permits remote authenticated users to execute arbitrary code due to issues in 'token checking' that can lead to memory corruption. The impact of this vulnerability can compromise the integrity of the server, allowing attackers to gain unauthorized access and control over the system.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/40573

vdb-entryx_refsource_BID

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 8, 2010
Vulnerability Reserved
Apr 5, 2010