CVE-2010-1256

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Server
Vendor: CVE Published:; 8 June 2010

Summary

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/40573

vdb-entryx_refsource_BID

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 8, 2010
Vulnerability Reserved
Apr 5, 2010

Collectors

NVD DatabaseMitre Database